Cloud DR – AWS-Benachrichtigung für RDS-Datenbankinstanzen Zertifikatsverlängerung

Update der AWS-E-Mail-Benachrichtigung zu virtuellen RDS-Maschinen, die in der AWS Cloud ausgeführt werden und Teil der Cloud DR-Umgebung sind.

 

Beispiel für eine AWS-Benachrichtigungs-E-Mail: 

You are receiving this message because your AWS Account has one or more Amazon RDS, or Amazon Aurora database instances in the xxx Region using an SSL/TLS Certificate that is expiring on August 22, 2024.



If your applications connect to these instances using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, you will need to take action before August 22, 2024 to prevent connectivity failures to your existing database instances.



To protect your communications with your database instances, a Certificate Authority (CA) generates time-bound certificates that are checked by your database client software to authenticate any database instance before exchanging information. Following industry best practices, AWS renews the CA and creates new certificates on a routine basis to ensure customer connections are properly protected for years to come. The current CA in CA-CENTRAL-1 will expire on August 22, 2024. Before this date you will need to first add new CA certificates to the trust stores in your client applications and then update the certificates on your database instances to the latest issued version.



For detailed instructions on how to perform these updates please see the Amazon RDS instances [1] and Amazon Aurora instances [2] documentation.



The ca-certificate-identifier option on the create-db-instance API is available for you to create a DB instance with a specific CA. For more information, see the create-db-instance API documentation [3].



A modify-certificates API is also available that will allow you to temporarily override the default CA on newly created database instances to either the old or new CA. This override will only apply while the CA you are overriding to is valid. To use this API you will need to be running the AWS CLI version 1.17 or later. For more information see the modify-certificates API documentation [4].



If you have questions or concerns, please contact AWS Support [5].



[1] https://urldefense.com/v3/__https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvmjHy4HgA$ [docs[.]aws[.]amazon[.]com] [2] https://urldefense.com/v3/__https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvnKWKp0YQ$ [docs[.]aws[.]amazon[.]com] [3] https://urldefense.com/v3/__https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvmcmURvXQ$ [docs[.]aws[.]amazon[.]com] [4] https://urldefense.com/v3/__https://docs.aws.amazon.com/cli/latest/reference/rds/modify-certificates.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvkynZBscg$ [docs[.]aws[.]amazon[.]com] [5] https://urldefense.com/v3/__https://console.aws.amazon.com/support/home__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvkMkj534g$ [console[.]aws[.]amazon[.]com]

Informationen vom AWS-Support zu den virtuellen RDS-Maschinen in der Cloud:

1. Es wird bestätigt, dass RDS standardmäßig nicht so konfiguriert ist, dass SSL-Verbindungen (Secure Sockets Layer) erzwungen werden.
2. Der AWS-Support empfiehlt, dass diese Warnung ignoriert werden kann, wenn die Anwendung nicht explizit für die Verwendung von SSL-Verbindungen konfiguriert ist, da Sie von der Aktualisierung nicht betroffen sind.
3. Explizit CDRS-Verbindungen zu RDS für die Verwendung von SSL werden nicht konfiguriert.

Es ist keine Aktion erforderlich, da dieses Update von AWS keine Auswirkungen auf CDR – RDS hat.