govCloud RDS cert update

0

The current GovCloud RDS instances use certificate rds-ca-2017, which is expiring soon. When I go to modify the database, I do not see rds-ca-2019, but rds-ca-rsa2048-g1 and rds-ca-rsa4096-g1. Should we use these two instead? When would they expire? And where do I download the cert for my application? Do I download the certificate bundle from GovCloud? Thanks.

1 Answer
1

According to the AWS GovCloud (US) User's Guide for the RDS service:

Since the AWS GovCloud (US) Regions use a unique certificate authority (CA), update your DB instances for the AWS GovCloud (US) Regions to use the Region-specific certificate identified by rds-ca-rsa4096-g1 in DescribeCertificates calls as soon as possible. The remaining instructions described in the Rotating your SSL/TLS certificate topic are the same, except for the certificate identifier.

Running the following command:

 aws rds describe-certificates --region us-gov-east-1

Produces:

{
    "Certificates": [
        {
            "CertificateIdentifier": "rds-ca-2017",
            "CertificateType": "CA",
            "Thumbprint": "12fef37925cf5758c3c2d32b4dfca31e74a5dde4",
            "ValidFrom": "2018-07-28T00:52:33+00:00",
            "ValidTill": "2022-06-01T12:00:00+00:00",
            "CertificateArn": "arn:aws-us-gov:rds:us-gov-east-1::cert:rds-ca-2017",
            "CustomerOverride": false
        },
        {
            "CertificateIdentifier": "rds-ca-rsa2048-g1",
            "CertificateType": "CA",
            "Thumbprint": "f8fdfb895f10acb081e6003666c9ec20771f589f",
            "ValidFrom": "2022-04-20T19:21:26+00:00",
            "ValidTill": "2027-04-20T20:21:26+00:00",
            "CertificateArn": "arn:aws-us-gov:rds:us-gov-east-1::cert:rds-ca-rsa2048-g1",
            "CustomerOverride": false
        },
        {
            "CertificateIdentifier": "rds-ca-rsa4096-g1",
            "CertificateType": "CA",
            "Thumbprint": "beb497e3471c0f7b230cba284179c54bdc6add97",
            "ValidFrom": "2022-01-03T20:42:15+00:00",
            "ValidTill": "2027-01-03T21:42:15+00:00",
            "CertificateArn": "arn:aws-us-gov:rds:us-gov-east-1::cert:rds-ca-rsa4096-g1",
            "CustomerOverride": false
        }
    ]
}

Links for downloading the CA bundles can be found here: Using SSL/TLS to encrypt a connection to a DB instance.

AWS
EXPERT
kentrad
answered 2 years ago
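The answer above shows how to list the available CAs; what a practitioner usually wants next is to see which of their instances still sit on rds-ca-2017 and how long remains before that CA's ValidTill. The script below is an added example, not code from the answer or from AWS. It parses the JSON that `aws rds describe-certificates` and `aws rds describe-db-instances` return (the `CACertificateIdentifier` field of each DB instance names the CA it currently uses) and produces a rotation plan. The certificate data is the output quoted in the answer, trimmed to the fields used; the instance list and its instance names are constructed for the example.

```python
"""Flag RDS instances whose CA certificate is near expiry and suggest the replacement.

Feed it the JSON from:
  aws rds describe-certificates --region us-gov-east-1
  aws rds describe-db-instances  --region us-gov-east-1
"""
import json
from datetime import datetime, timezone

# From the describe-certificates output quoted in the answer (trimmed to the fields used).
CERTIFICATES_JSON = """{
  "Certificates": [
    {"CertificateIdentifier": "rds-ca-2017",        "ValidTill": "2022-06-01T12:00:00+00:00"},
    {"CertificateIdentifier": "rds-ca-rsa2048-g1",  "ValidTill": "2027-04-20T20:21:26+00:00"},
    {"CertificateIdentifier": "rds-ca-rsa4096-g1",  "ValidTill": "2027-01-03T21:42:15+00:00"}
  ]
}"""

# Constructed sample describe-db-instances output; the instance identifiers are hypothetical.
DB_INSTANCES_JSON = """{
  "DBInstances": [
    {"DBInstanceIdentifier": "example-db-1", "CACertificateIdentifier": "rds-ca-2017"},
    {"DBInstanceIdentifier": "example-db-2", "CACertificateIdentifier": "rds-ca-rsa4096-g1"}
  ]
}"""

# The Region-specific CA the GovCloud (US) guide quoted in the answer tells you to move to.
PREFERRED_CA = "rds-ca-rsa4096-g1"
REGION = "us-gov-east-1"


def parse_iso(ts):
    """Parse an RFC 3339 timestamp such as 2022-06-01T12:00:00+00:00 into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def load_certificate_expiry(certs_text):
    """Map CertificateIdentifier -> ValidTill for every CA the Region offers."""
    return {c["CertificateIdentifier"]: parse_iso(c["ValidTill"])
            for c in json.loads(certs_text)["Certificates"]}


def rotation_plan(certs_text, instances_text, now, warn_days=90):
    """Return one dict per instance: current CA, days until that CA expires, and the fix.

    An instance needs attention when its CA is unknown to the Region, expires within
    warn_days, or is simply not the preferred Region-specific CA.
    """
    expiry = load_certificate_expiry(certs_text)
    now = now.astimezone(timezone.utc)
    plan = []
    for inst in json.loads(instances_text)["DBInstances"]:
        name = inst["DBInstanceIdentifier"]
        ca = inst.get("CACertificateIdentifier")
        valid_till = expiry.get(ca)
        days_left = (valid_till - now).days if valid_till else None
        expiring = days_left is None or days_left <= warn_days
        needs_rotation = ca != PREFERRED_CA
        # Real CLI flags; without --apply-immediately the change waits for the
        # instance's next maintenance window.
        fix = (f"aws rds modify-db-instance --region {REGION} "
               f"--db-instance-identifier {name} "
               f"--ca-certificate-identifier {PREFERRED_CA} --apply-immediately"
               if needs_rotation else None)
        plan.append({"instance": name, "ca": ca, "days_left": days_left,
                     "expiring": expiring, "needs_rotation": needs_rotation, "fix": fix})
    return plan


if __name__ == "__main__":
    for row in rotation_plan(CERTIFICATES_JSON, DB_INSTANCES_JSON, datetime.now(timezone.utc)):
        flag = "ROTATE " if row["needs_rotation"] else "ok     "
        print(f"{flag}{row['instance']:<16}{row['ca']:<20}days_left={row['days_left']}")
        if row["fix"]:
            print("   ", row["fix"])
```

To run it against a real account, replace the two embedded strings with the CLI output (for example `json.load(open("certs.json"))`). Rotating the server-side CA is only half the job: any application that verifies the server certificate must also trust the GovCloud CA bundle that contains the new rds-ca-rsa4096-g1 root, which is the bundle the answer links to; a client still pinned to the 2017 bundle alone will fail TLS verification once the instance switches.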
