Passer au contenu
En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post
À propos de re:Post

Custom domain for Neptune cluster endpoints

0

I've created a Route 53 private hosted zone and added a CNAME record (dbcluster.neptune.local) for Neptune endpoints. However, when accessing the CNAME record from a Lambda function, I'm encountering the error "SSL_VALIDATION_FAILED".

The objective is to have a blue/green Neptune upgrade. For this, we create a new Neptune cluster with the latest version, test and promote it. So we update the default CNAME record to point to the new cluster endpoint.

What is the AWS best practice for replacing Neptune endpoints with a custom domain (with support of ssl validation)?

Sujets
Base de donnéesMise en réseau et diffusion de contenu
Balises
Amazon NeptuneAmazon Route 53
Langue
English

demandé il y a 2 ans597 vues

1 réponse
0

The best method to use in this sort of scenario is to parameterize the endpoints within your application. Perhaps use them as configuration parameters within a parameter store or configuration database.

Depending on the client library you're using, you could also use a load balancer or proxy and terminate the SSL connections at the proxy (allowing the load balancer or proxy to build backend connections to Neptune that would be validated connections).

Neptune does not support importing custom SSL certs, so there's no way to validate connections that use a hostname other than the endpoints provided by the Neptune cluster (cluster endpoint, reader endpoint, or instance endpoints).

AWS

répondu il y a 2 ans

EXPERT

vérifié il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Contenus pertinents