Elastic beanstalk does not support new CA


Our existing CA is going to expire in May 2024. Therefore we must update the our RDS to use a CA that will expire later than that. We have decided to use "rds-ca-rsa2048-g1". After updating our RDS CA we are unable to connect to the server we get ssl error We are using elastic beanstalk therefore shouldn't AWS be responsible for updating our SSL certificate?

질문됨 3달 전130회 조회
1개 답변

Under the Shared Responsibility Model for Elastic Beanstalk, your key responsibilities include:

  • Regularly update all components under your control, as defined in the AWS Shared Responsibility Model. This includes ensuring the security of your application, protecting your data, and updating any additional components your application requires that you have installed.
  • Ensure that your Elastic Beanstalk environments are always running on supported platform versions. If any environment is found to be on an unsupported or deprecated version, it is important to migrate it to a current, supported version promptly.
  • Address and rectify any issues encountered with failed managed update attempts, and make another attempt at the update as necessary.
  • If you have opted out of Elastic Beanstalk managed updates, you should manually patch the operating system, runtime, application server, and web server. This can be done by applying platform updates manually as described in the manual platform updates guide or by directly patching the components on all applicable environment resources.
  • Manage the security and compliance of any AWS services you utilize outside of Elastic Beanstalk in accordance with the AWS Shared Responsibility Model.

You can learn more about Shared responsibility model for Elastic Beanstalk platform maintenance

profile picture
답변함 3달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠