snippetsqlModerate
How to enable force ssl on AWS Aurora Postgres?
Viewed 0 times
enableforcepostgresauroraawshowssl
Problem
In AWS's direct postgres offering RDS Postgres, you can require SSL by setting the parameter group item
This is as per the RDS postgres documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
However Aurora Postgres does not have this parameter item, and there is no ability to add new parameters either. How do you turn on require ssl for an Aurora instance?
I can see in the Aurora version that it supports SSL:
And I can optionally connect via ssl:
rds.force_ssl to 1.This is as per the RDS postgres documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
However Aurora Postgres does not have this parameter item, and there is no ability to add new parameters either. How do you turn on require ssl for an Aurora instance?
I can see in the Aurora version that it supports SSL:
create extension sslinfo;
select ssl_is_used();
select ssl_cipher();And I can optionally connect via ssl:
psql -h my-ssl-test1.cwzhlddlylx.us-east-1.rds.amazonaws.com -p 5432
-U myuser -d mydb sslrootcert=rds-ca-2015-root.pem sslmode=verify-fullSolution
For Aurora Postgres, there's two relevant cluster-level parameters (note they're not instance-level parameters):
rds.force_ssl and ssl. I haven't tested this myself but you should be able to modify them in the usual way using DB Parameter Groups.Context
StackExchange Database Administrators Q#201635, answer score: 10
Revisions (0)
No revisions yet.