Custom domain for Neptune cluster endpoints

0

I've created a Route 53 private hosted zone and added a CNAME record (dbcluster.neptune.local) for Neptune endpoints. However, when accessing the CNAME record from a Lambda function, I'm encountering the error "SSL_VALIDATION_FAILED".

The objective is to have a blue/green Neptune upgrade. For this, we create a new Neptune cluster with the latest version, test and promote it. So we update the default CNAME record to point to the new cluster endpoint.

What is the AWS best practice for replacing Neptune endpoints with a custom domain (with support of ssl validation)?

Dhinesh
asked 2 months ago163 views
1 Answer
0

The best method to use in this sort of scenario is to parameterize the endpoints within your application. Perhaps use them as configuration parameters within a parameter store or configuration database.

Depending on the client library you're using, you could also use a load balancer or proxy and terminate the SSL connections at the proxy (allowing the load balancer or proxy to build backend connections to Neptune that would be validated connections).

Neptune does not support importing custom SSL certs, so there's no way to validate connections that use a hostname other than the endpoints provided by the Neptune cluster (cluster endpoint, reader endpoint, or instance endpoints).

profile pictureAWS
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions