Elastic beanstalk does not support new CA

0

Our existing CA is going to expire in May 2024. Therefore we must update the our RDS to use a CA that will expire later than that. We have decided to use "rds-ca-rsa2048-g1". After updating our RDS CA we are unable to connect to the server we get ssl error We are using elastic beanstalk therefore shouldn't AWS be responsible for updating our SSL certificate?

已提问 3 个月前133 查看次数
1 回答
1

Under the Shared Responsibility Model for Elastic Beanstalk, your key responsibilities include:

  • Regularly update all components under your control, as defined in the AWS Shared Responsibility Model. This includes ensuring the security of your application, protecting your data, and updating any additional components your application requires that you have installed.
  • Ensure that your Elastic Beanstalk environments are always running on supported platform versions. If any environment is found to be on an unsupported or deprecated version, it is important to migrate it to a current, supported version promptly.
  • Address and rectify any issues encountered with failed managed update attempts, and make another attempt at the update as necessary.
  • If you have opted out of Elastic Beanstalk managed updates, you should manually patch the operating system, runtime, application server, and web server. This can be done by applying platform updates manually as described in the manual platform updates guide or by directly patching the components on all applicable environment resources.
  • Manage the security and compliance of any AWS services you utilize outside of Elastic Beanstalk in accordance with the AWS Shared Responsibility Model.

You can learn more about Shared responsibility model for Elastic Beanstalk platform maintenance

profile picture
专家
已回答 3 个月前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容