RDS 資料庫例項的雲端 DR - AWS 通知 憑證續約

有關在 AWS 雲端中執行且屬於雲端 DR 環境一部分之 RDS 虛擬機器的 AWS 電子郵件通知更新。

 

AWS 通知電子郵件範例： 

You are receiving this message because your AWS Account has one or more Amazon RDS, or Amazon Aurora database instances in the xxx Region using an SSL/TLS Certificate that is expiring on August 22, 2024.



If your applications connect to these instances using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol, you will need to take action before August 22, 2024 to prevent connectivity failures to your existing database instances.



To protect your communications with your database instances, a Certificate Authority (CA) generates time-bound certificates that are checked by your database client software to authenticate any database instance before exchanging information. Following industry best practices, AWS renews the CA and creates new certificates on a routine basis to ensure customer connections are properly protected for years to come. The current CA in CA-CENTRAL-1 will expire on August 22, 2024. Before this date you will need to first add new CA certificates to the trust stores in your client applications and then update the certificates on your database instances to the latest issued version.



For detailed instructions on how to perform these updates please see the Amazon RDS instances [1] and Amazon Aurora instances [2] documentation.



The ca-certificate-identifier option on the create-db-instance API is available for you to create a DB instance with a specific CA. For more information, see the create-db-instance API documentation [3].



A modify-certificates API is also available that will allow you to temporarily override the default CA on newly created database instances to either the old or new CA. This override will only apply while the CA you are overriding to is valid. To use this API you will need to be running the AWS CLI version 1.17 or later. For more information see the modify-certificates API documentation [4].



If you have questions or concerns, please contact AWS Support [5].



[1] https://urldefense.com/v3/__https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvmjHy4HgA$ [docs[.]aws[.]amazon[.]com] [2] https://urldefense.com/v3/__https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL-certificate-rotation.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvnKWKp0YQ$ [docs[.]aws[.]amazon[.]com] [3] https://urldefense.com/v3/__https://docs.aws.amazon.com/cli/latest/reference/rds/create-db-instance.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvmcmURvXQ$ [docs[.]aws[.]amazon[.]com] [4] https://urldefense.com/v3/__https://docs.aws.amazon.com/cli/latest/reference/rds/modify-certificates.html__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvkynZBscg$ [docs[.]aws[.]amazon[.]com] [5] https://urldefense.com/v3/__https://console.aws.amazon.com/support/home__;!!LpKI!hnjics5pQu8w-FsnZiBC-09YaOY7iNreldAUo72R2BImcXEGq11Mll3Ss1tYIbhWjSt3Xzz19VrkrvkMkj534g$ [console[.]aws[.]amazon[.]com]

來自 AWS 支援的有關雲端中 RDS 虛擬機的資訊：

1. 已確認，預設情況下，RDS 未配置為強制安全套接字層 （SSL） 連接。
2. AWS 支援建議，如果應用程式未顯式配置為使用 SSL 連接，則可以忽略此警告，因為更新不會影響您。
3. 未配置與 RDS 的顯式 CDRS 連接以使用 SSL。

不需要執行任何操作，因為來自 AWS 的此更新不會影響 CDR - RDS。