Cloud DR — notificação da AWS para instância de banco de dados RDS Renovação de certificado

Atualização de notificação por e-mail do AWS referente às Máquinas virtuais RDS executadas na Nuvem AWS que fazem parte do ambiente do Cloud DR.

 

Exemplo de e-mail de notificação da AWS: 

You are receiving this message because your AWS Account has one or more Amazon RDS, or Amazon Aurora database instances in the xxx Region using an SSL/TLS Certificate that is expiring on August 22, 2024.



If your applications connect to these instances using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, you will need to take action before August 22, 2024 to prevent connectivity failures to your existing database instances.



To protect your communications with your database instances, a Certificate Authority (CA) generates time-bound certificates that are checked by your database client software to authenticate any database instance before exchanging information. Following industry best practices, AWS renews the CA and creates new certificates on a routine basis to ensure customer connections are properly protected for years to come. The current CA in CA-CENTRAL-1 will expire on August 22, 2024. Before this date you will need to first add new CA certificates to the trust stores in your client applications and then update the certificates on your database instances to the latest issued version.



For detailed instructions on how to perform these updates please see the Amazon RDS instances [1] and Amazon Aurora instances [2] documentation.



The ca-certificate-identifier option on the create-db-instance API is available for you to create a DB instance with a specific CA. For more information, see the create-db-instance API documentation [3].



A modify-certificates API is also available that will allow you to temporarily override the default CA on newly created database instances to either the old or new CA. This override will only apply while the CA you are overriding to is valid. To use this API you will need to be running the AWS CLI version 1.17 or later. For more information see the modify-certificates API documentation [4].



If you have questions or concerns, please contact AWS Support [5].



[1] https://urldefense.com/v3/__https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvmjHy4HgA$ [docs[.]aws[.]amazon[.]com] [2] https://urldefense.com/v3/__https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvnKWKp0YQ$ [docs[.]aws[.]amazon[.]com] [3] https://urldefense.com/v3/__https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvmcmURvXQ$ [docs[.]aws[.]amazon[.]com] [4] https://urldefense.com/v3/__https://docs.aws.amazon.com/cli/latest/reference/rds/modify-certificates.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvkynZBscg$ [docs[.]aws[.]amazon[.]com] [5] https://urldefense.com/v3/__https://console.aws.amazon.com/support/home__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvkMkj534g$ [console[.]aws[.]amazon[.]com]

Informações do AWS Support sobre as RDS Virtual Machines na nuvem:

1. Foi confirmado que, por padrão, o RDS não está configurado para forçar conexões SSL (Secure Sockets Layer).
2. O suporte da AWS sugere que, se o aplicativo não estiver configurado explicitamente para usar conexões SSL, é possível ignorar esse aviso, pois a atualização não afeta você.
3. Explicitamente as conexões CDRS com o RDS para usar SSL não estão configuradas.

Nenhuma ação é necessária, pois essa atualização da AWS não afeta o CDR - RDS.