
How to enable force SSL on AWS Aurora Postgres?

Submitted by: @import:stackexchange-dba

Problem

In AWS's direct Postgres offering, RDS Postgres, you can require SSL by setting the parameter group item rds.force_ssl to 1.

This is as per the RDS Postgres documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL

However, Aurora Postgres does not have this parameter item, and there is no ability to add new parameters either. How do you turn on require SSL for an Aurora instance?

I can see in the Aurora version that it supports SSL:

create extension sslinfo;
select ssl_is_used();
select ssl_cipher();


And I can optionally connect via SSL:

psql "host=my-ssl-test1.cwzhlddlylx.us-east-1.rds.amazonaws.com port=5432 user=myuser dbname=mydb sslrootcert=rds-ca-2015-root.pem sslmode=verify-full"

Solution

For Aurora Postgres, there are two relevant cluster-level parameters (note they're not instance-level parameters): rds.force_ssl and ssl. I haven't tested this myself, but you should be able to modify them in the usual way using DB Parameter Groups.

Context

StackExchange Database Administrators Q#201635, answer score: 10
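
The procedure the answer describes, written out as AWS CLI calls. This is an added example, not code from the original answer: the cluster identifier, parameter group name and parameter group family are placeholder assumptions, and the script only prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example: require SSL on an Aurora PostgreSQL cluster through a
# custom DB *cluster* parameter group. All names below are assumptions.
set -eu

CLUSTER_ID="${CLUSTER_ID:-my-aurora-cluster}"      # hypothetical cluster identifier
PARAM_GROUP="${PARAM_GROUP:-aurora-pg-force-ssl}"  # hypothetical parameter group name
FAMILY="${FAMILY:-aurora-postgresql15}"            # assumed; must match your engine version
DRY_RUN="${DRY_RUN:-1}"                            # 1 = preview only, 0 = call AWS

# Print the command in dry-run mode (arguments shown unquoted), else run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

force_ssl_plan() {
  # 1. Default parameter groups cannot be edited, so create a custom one.
  run aws rds create-db-cluster-parameter-group \
    --db-cluster-parameter-group-name "$PARAM_GROUP" \
    --db-parameter-group-family "$FAMILY" \
    --description "require-ssl"

  # 2. Set rds.force_ssl=1. pending-reboot is accepted for both static and
  #    dynamic parameters; the value takes effect at the next reboot.
  run aws rds modify-db-cluster-parameter-group \
    --db-cluster-parameter-group-name "$PARAM_GROUP" \
    --parameters "ParameterName=rds.force_ssl,ParameterValue=1,ApplyMethod=pending-reboot"

  # 3. Attach the group to the cluster (cluster level, not instance level).
  run aws rds modify-db-cluster \
    --db-cluster-identifier "$CLUSTER_ID" \
    --db-cluster-parameter-group-name "$PARAM_GROUP" \
    --apply-immediately

  # 4. Read the stored value back from the parameter group.
  run aws rds describe-db-cluster-parameters \
    --db-cluster-parameter-group-name "$PARAM_GROUP" \
    --query "Parameters[?ParameterName=='rds.force_ssl'].[ParameterName,ParameterValue,ApplyType]" \
    --output text
}

force_ssl_plan
```

After the writer instance has been rebooted, a connection attempt with sslmode=disable should be rejected, and ssl_is_used() from the sslinfo extension should return true on accepted connections.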
