Posted On: Mar 6, 2024

Amazon Relational Database Service (Amazon RDS) Multi-AZ deployments with two readable standbys now support database security certificate rotation. Security certificates provide an extra layer of security by validating the connection made to Amazon RDS database instances and clusters.

A certificate authority (CA) certificate identifies the root CA at the top of the certificate chain. The Amazon RDS CA certificates rds-ca-2019 are set to expire between May 2024 and October 2024. If you use or plan to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) with certificate verification to connect to your RDS Multi-AZ deployment with two readable standbys, you can now replace rds-ca-2019 with one of the new CA certificates: rds-ca-rsa2048-g1, rds-ca-rsa4096-g1, or rds-ca-ecc384-g1.

Amazon RDS manages the DB server certificate on the database when you use the rds-ca-rsa2048-g1, rds-ca-rsa4096-g1, or rds-ca-ecc384-g1 CA with your Amazon RDS Multi-AZ deployment with two readable standbys. Amazon RDS rotates the DB server certificate automatically before it expires. See the Amazon RDS User Guide for more information about rotating the certificates for your RDS Multi-AZ deployment with two readable standbys.

To view information about the CA for your Amazon RDS Multi-AZ deployment with two readable standbys, navigate to the Connectivity & security tab for one of the DB instances within the cluster in the console. See the Amazon RDS User Guide for instructions to update your CA certificate. You can create or update a fully managed Amazon RDS Multi-AZ database with two readable standbys in the Amazon RDS Management Console.
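
The same CA check done across a fleet instead of one console tab at a time, as an added example that is not from AWS or the original announcement. It reads JSON shaped like the output of `aws rds describe-db-instances`; the sample records and helper names are constructed, and it assumes cluster members report `DBClusterIdentifier` and `CACertificateIdentifier` in that output.

```python
# CA identifiers named in the announcement.
EXPIRING_CA = "rds-ca-2019"
NEW_CAS = {"rds-ca-rsa2048-g1", "rds-ca-rsa4096-g1", "rds-ca-ecc384-g1"}

# Constructed sample, shaped like `aws rds describe-db-instances` output.
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-1", "DBClusterIdentifier": "orders-cluster",
     "CACertificateIdentifier": "rds-ca-2019"},
    {"DBInstanceIdentifier": "orders-2", "DBClusterIdentifier": "orders-cluster",
     "CACertificateIdentifier": "rds-ca-rsa2048-g1"},  # partially rotated cluster
    {"DBInstanceIdentifier": "orders-3", "DBClusterIdentifier": "orders-cluster",
     "CACertificateIdentifier": "rds-ca-2019"},
    {"DBInstanceIdentifier": "billing-1", "DBClusterIdentifier": "billing-cluster",
     "CACertificateIdentifier": "rds-ca-ecc384-g1"},
    {"DBInstanceIdentifier": "legacy-db"},  # no CA field reported
]}


def audit_ca(describe_output):
    """Classify each DB instance by the CA that signed its server certificate."""
    findings = []
    for inst in describe_output.get("DBInstances", []):
        ca = inst.get("CACertificateIdentifier")
        if ca in NEW_CAS:
            status = "ok"
        elif ca == EXPIRING_CA:
            status = "rotate"
        else:
            status = "review"  # missing or unrecognized CA: check by hand
        findings.append({
            "instance": inst.get("DBInstanceIdentifier"),
            "cluster": inst.get("DBClusterIdentifier"),
            "ca": ca,
            "status": status,
        })
    return findings


def clusters_needing_rotation(findings):
    """Clusters with at least one member still on the expiring CA."""
    return sorted({f["cluster"] for f in findings
                   if f["status"] == "rotate" and f["cluster"]})


if __name__ == "__main__":
    results = audit_ca(SAMPLE)
    for f in results:
        print(f"{f['status']:7} {f['instance']:10} {f['cluster']} {f['ca']}")
    print("clusters to rotate:", clusters_needing_rotation(results))
```

Clients that verify the server certificate need the new CA in their trust store before a cluster flagged here is moved off rds-ca-2019.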