GVB

Reputation: 411

AWS RDS PostgreSQL Connect Without Providing Certificate

I created a new PostgreSQL instance in AWS RDS with encryption enabled.

I downloaded the rds-combined-ca-bundle.pem to use it in my connection like this (I already enabled rds.force_ssl in the parameter group):

psql -h "rds-endpoint" -p 5432 \
    "dbname=db user=user sslrootcert=rds-combined-ca-bundle.pem sslmode=verify-full"

But I discovered that I can still connect to the instance without providing this certificate:

psql -h "rds-endpoint" -p 5432 "dbname=db user=user"

I don't understand why the tutorial says that I need the pem file to work with the instance. Am I doing something wrong?

Upvotes: 7

Views: 1063

Answers (1)

Aress Support

Reputation: 1425

In the AWS Docs, it is mentioned that:

You can set the rds.force_ssl parameter value by updating the parameter group for your DB instance. If the parameter group for your DB instance isn't the default one, and the ssl parameter is already set to 1 when you set rds.force_ssl to 1, you don't need to reboot your DB instance. Otherwise, you must reboot your DB instance for the change to take effect.

So make sure that you have rebooted your DB instance.

Upvotes: 0
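
Why the second command in the question still connects, as an added example (not code from the question, the answer, or AWS): libpq defaults to sslmode=prefer, which encrypts when the server offers TLS but does not check the server certificate, while rds.force_ssl only makes the server refuse plaintext sessions. The sketch assumes the server offers TLS with a valid certificate; `assess` and its result fields are hypothetical names.

```python
import os
import re

# key=value pairs of a libpq conninfo string; values may be single-quoted.
_PAIR = re.compile(r"(\w+)\s*=\s*('(?:[^'\\]|\\.)*'|\S*)")
MODES = ("disable", "allow", "prefer", "require", "verify-ca", "verify-full")

def parse_conninfo(conninfo):
    """Return the parameters of a key=value connection string as a dict."""
    params = {}
    for key, value in _PAIR.findall(conninfo):
        if len(value) >= 2 and value[0] == value[-1] == "'":
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # unquote, unescape
        params[key] = value
    return params

def effective_sslmode(params, env=None):
    """The connection parameter wins, then PGSSLMODE, then the default."""
    env = os.environ if env is None else env
    return params.get("sslmode") or env.get("PGSSLMODE") or "prefer"

def assess(conninfo, server_forces_ssl=True, env=None):
    """Predict the session a libpq client gets (hypothetical helper).

    Assumes the server offers TLS with a valid certificate, as RDS does,
    and that nobody is tampering with the connection.
    """
    params = parse_conninfo(conninfo)
    mode = effective_sslmode(params, env)
    if mode not in MODES:
        raise ValueError(f"unknown sslmode: {mode!r}")
    return {
        "sslmode": mode,
        # rds.force_ssl=1 only makes the server refuse plaintext sessions.
        "connects": not (mode == "disable" and server_forces_ssl),
        # 'allow' tries plaintext first, so it encrypts only when forced to.
        "encrypted": mode != "disable" and (mode != "allow" or server_forces_ssl),
        # With a root CA file given, 'require' validates the chain like verify-ca.
        "ca_checked": mode.startswith("verify")
        or (mode == "require" and "sslrootcert" in params),
        "host_checked": mode == "verify-full",
    }

if __name__ == "__main__":
    # The two connection strings from the question, with no PGSSLMODE set.
    for conninfo in (
        "dbname=db user=user sslrootcert=rds-combined-ca-bundle.pem sslmode=verify-full",
        "dbname=db user=user",
    ):
        print(conninfo, "->", assess(conninfo, env={}))
```

On a live session, `SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid();` shows whether that connection is actually encrypted.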
