- Please tell me about SSL connection to RDS.
In a case where a Go application in EC2 (Amazon Linux) accesses a database via SSL to RDS (PostgreSQL) in the same region
I am planning to follow the procedure below, but I would like to confirm something.
https://docs.aws.amazon.com/ja_jp/AmazonRDS/latest/UserGuide/PostgreSQL.Concepts.General.SSL.html#PostgreSQL.Concepts.General.SSL.Connecting
In the "Connecting to a PostgreSQL DB instance via SSL" step "Import the certificate into the operating system. In the "Connecting to a PostgreSQL DB instance via SSL" section, it states that the certificate needs to be imported into the trust store.
In fact, by specifying sslrootcert and sslmode in the psql command without this step, the SSL connection status (ssl_is_used) returns "t" and it looks like an SSL connection is established.
I would like to know if this procedure is necessary for this connection from the Go application.
- How does it work?
For the public key (rds-ca-2019) specified in the sslrootcert
I assume that a common key is required for a normal SSL connection, but is this generated by RDS or a driver such as libpq?
Also, is it correct that the server certificate and private key are installed in the DB when the RDS (PostgreSQL) is created?
AWS OFFICIELA mis à jour il y a 3 ans