By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Registering a SSL Certificate in C# .NET AWS Lambdas

0

I'm trying to connect to a SQL Server 2019 instance (happens to be in an EC2) from a C# .NET AWS lambda. I'm using a self-signed certificate to establish client trust with the SQL instance.

There doesn't seem to be a lot of documentation around how to register certificates in AWS. The documentation I can find is third party, and revolves around using OpenSSL's SSL_CERT_FILE variable to expose a lambda layer path for OpenSSL to interrogate as a root trust (https://dev.to/leading-edje/aws-lambda-layer-for-private-certificates-465j)

I've used the SSL_CERT_FILE approach in the past with success, but it doesn't seem that SQL is using OpenSSL for that trust connection.

What alternative approaches have folks used? Has anyone had success with actually registering certificates in an AWS Lambda? (instead of exposing it to specific SSL libraries, like SSL_CERT_FILE does)

Topics
ServerlessComputeAWS Well-Architected Framework.NET on AWS
Tags
AWS LambdaSecurity.NET on AWS
Language
English
Erik Farrell
asked 8 months ago912 views
1 Answer
1

You can issue an SSL certificate from AWS Certificate Manager (ACM) service if you have purchased a domain.

Here's the step-by-step tutorial to get a certificate. https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html#request-public-console

profile picture
HS
answered 8 months ago
  • Erik Farrell
    8 months ago

    Thanks. I don't have control over the SQL certificate unfortunately. It's self-signed.

  • HS
    8 months ago

    Can you use an official CA certificate for your RDS instance instead of the self-signed one?

    For how to establish an SSL connection with the RDS instance from a general SQL client, see this page.

    For Lambda, you need to download and save the certificate in your lambda package and you should be able to use the SQL library to achieve the same goal.

  • Erik Farrell
    8 months ago

    Can you provide some guidance around how I would save the certificate in the lambda package?

    Is this through the lambda layer? If so, how would I register it with the trust store?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content