I recently received the email notifying me of the need to rotate SSL certificates on my Postgres servers before March 2020.
My Postgres servers are currently configured wholly via CloudFormation, and I prefer to keep it this way to avoid drift.
I was surprised to discover, therefore, that though a CLI description of the databases includes the key/value:
"CACertificateIdentifier": "rds-ca-2015"
CACertificateIdentifier is not a property that appears to be exposed to CloudFormation. I get "UPDATE_FAILED" and "Encountered unsupported property CACertificateIdentifier" when I try to add it with the value "rds-ca-2019".
Is this exposed in some other way, or is it something for which support needs to be added?
Thanks,
George
Edited by: jawj on Oct 11, 2019 2:23 AM