SSL replication between Aurora clusters
A customer is trying to figure out how to make encrypted replication between aurora clusters in different regions. We have documentation for such use case here - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Replication.MySQL.html - but it's not very clear. It suggests generating keys using openssl on the source instance and importing them, but how is that going to work if destination cluster uses our own CA to issue public key? If source keys are self generated and destination cluster uses different CA how are they going to trust each other?
- 最新
- 投票最多
- 评论最多
At this time, you cannot establish TLS encrypted binlog replication between two Aurora clusters when you set up binlog replication manually between the clusters. The link you provided outlines the process if you plan to replicate between on-premises (or EC2-based) MySQL and Aurora, where you have full access to the master OS and file system.
However, if you use our managed Cross-Region Read Replica capability in Aurora, then we will encrypt the binlog traffic across regions using an underlying tunnel managed by the service. Is there a reason the customer can't use cross-region read replicas?
相关内容
AWS 官方已更新 1 年前- AWS 官方已更新 1 年前
