Elastic beanstalk does not support new CA


Our existing CA is going to expire in May 2024. Therefore we must update the our RDS to use a CA that will expire later than that. We have decided to use "rds-ca-rsa2048-g1". After updating our RDS CA we are unable to connect to the server we get ssl error We are using elastic beanstalk therefore shouldn't AWS be responsible for updating our SSL certificate?

已提問 3 個月前檢視次數 135 次
1 個回答

Under the Shared Responsibility Model for Elastic Beanstalk, your key responsibilities include:

  • Regularly update all components under your control, as defined in the AWS Shared Responsibility Model. This includes ensuring the security of your application, protecting your data, and updating any additional components your application requires that you have installed.
  • Ensure that your Elastic Beanstalk environments are always running on supported platform versions. If any environment is found to be on an unsupported or deprecated version, it is important to migrate it to a current, supported version promptly.
  • Address and rectify any issues encountered with failed managed update attempts, and make another attempt at the update as necessary.
  • If you have opted out of Elastic Beanstalk managed updates, you should manually patch the operating system, runtime, application server, and web server. This can be done by applying platform updates manually as described in the manual platform updates guide or by directly patching the components on all applicable environment resources.
  • Manage the security and compliance of any AWS services you utilize outside of Elastic Beanstalk in accordance with the AWS Shared Responsibility Model.

You can learn more about Shared responsibility model for Elastic Beanstalk platform maintenance

profile picture
已回答 3 個月前

您尚未登入。 登入 去張貼答案。