Amazon RDS PostgreSQL SSL Connection
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Amazon RDS PostgreSQL SSL Connection

  • Dark
    Light
  • PDF

Article summary

Introduction

Secure Socket Layer (SSL) is a cryptographic protocol used to establish a secure connection between a client and a server over the internet. It ensures that data transmitted between the client and server remains encrypted and protected from unauthorized access.

This document provides step-by-step instructions on how to connect to a PostgreSQL database hosted on Amazon RDS/Aurora and Google Cloud SQL using SSL.

Connecting to Amazon RDS/Aurora

Please ensure that prior to beginning, you have an Amazon Web Services (AWS) account with the appropriate permissions to manage Amazon RDS or Aurora instances.

Step 1: Configure a Parameter Group

To allow SSL connections to your Amazon RDS/Aurora instance, you need to configure the Parameter group associated with the instance.

  1. In the AWS Management Console, navigate to the Amazon RDS/Aurora dashboard.

  2. Click Parameter Groups in the navigation panel.
    image.png

  3. To modify the RDS instance's parameter group select you database.
    image.png

  4. To enable SSL connections, you can either create a new parameter group or modify an existing one. Ensure that the parameter group belongs to the PostgreSQL family, and set the following parameter:

Parameter: rds.force_ssl
Value: "1"

By setting this parameter to "1", SSL connections will be enforced.
image.png

  1. Navigate to the configuration tab within the PostgreSQL instance database.
    image.png

  2. Ensure that your database instance parameter group is synchronized with your database. If it is not, access the modify screen, scroll down, and in the additional configuration section, locate and select your database.

Step 2: Download SSL Certificate

To establish an SSL connection to Amazon RDS/Aurora, you need an SSL certificate.

  1. In the AWS Management Console, navigate to the Amazon RDS/Aurora dashboard.

  2. Choose the PostgreSQL instance you wish to work with.

  3. Locate the relevant certificate bundle for your region within the Amazon RDS documentation.

  4. Download the SSL certificate by clicking on the provided link next to it.
    image.png

  5. Save the downloaded certificate file (e.g., us-east-2-bundle.pem) to a secure location.

Step 3: Connect to PostgreSQL In Rivery using SSL

Now that you have the SSL certificate and the security group is properly configured, you can establish an SSL connection to your Amazon RDS/Aurora PostgreSQL instance.

  1. Pick a suitable Connection Name.
  2. Select the SSL Options tab.
  3. In order to use SSL authentication with Amazon RDS, you need to choose either the "Verify-CA" or "Verify-Full" modes.
  4. Simply drag and drop the downloaded SSL certificate onto the CA Certification label.

image.png




Connecting to Google Cloud SQL

Please ensure that prior to beginning, you have a Google Cloud Platform (GCP) account with the appropriate permissions to manage Cloud SQL instances.

Step 1: Download the Client Certificates

To establish an SSL connection to Google Cloud SQL, you need to download the client certificate.

  1. In the GCP Console, navigate to the SQL instances page.
    image.png

  2. Select your PostgreSQL instance.
    image.png

  3. In the left navigation menu, click on Connections.
    image.png

  4. Click the Security tab.
    image.png

  5. Select the option Create Client Certificate.

  6. Provide a unique name for the client certificate.
    image.png

  7. Download the 3 provided files to a secure location.
    image.png

Please be aware that the psql command provided at the bottom is not necessary and can be disregarded.

Step 2: Connect to PostgreSQL in Rivery using SSL

With the SSL configuration in place and the client certificates downloaded, you can now connect to your Google Cloud SQL PostgreSQL instance using SSL.

  1. Pick a suitable Connection Name.
  2. Select the SSL Options tab.
  3. Choose the SSL mode of your choice.
  4. Simply drag and drop the downloaded SSL certificate onto the matching labels of your files.

image.png


Was this article helpful?