RDS Postgres SSL/TLS certificate rotation via CloudFormation


I recently received the email notifying me of the need to rotate SSL certificates on my Postgres servers before March 2020.

My Postgres servers are currently configured wholly via CloudFormation, and I prefer to keep it this way to avoid drift.

I was surprised to discover, therefore, that though a CLI description of the databases includes the key/value:

"CACertificateIdentifier": "rds-ca-2015"

CACertificateIdentifier is not a property that appears to be exposed to CloudFormation. I get "UPDATE_FAILED" and "Encountered unsupported property CACertificateIdentifier" when I try to add it with the value "rds-ca-2019".

Is this exposed in some other way, or is it something for which support needs to be added?


Edited by: jawj on Oct 11, 2019 2:23 AM

asked 4 years ago312 views
1 Answer

Hi George, thanks for your post! Currently CloudFormation support is not yet available so please use the API, CLI, or console for now.

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions