Amazon RDS for SQL Server Supports Forced SSL

Posted on: Feb 27, 2017

You can now use Secure Sockets Layer (SSL) to enforce encrypted connections between your client applications and your Amazon RDS DB instances running Microsoft SQL Server. SSL support is available in all AWS regions for all supported SQL Server editions. To see the supported editions and versions of Microsoft SQL Server, please visit our documentation page.

Amazon RDS creates an SSL certificate for your SQL Server DB instance when the instance is created. The certificate includes the DB instance endpoint as its Common Name (CN) to guard against spoofing attacks.

Please note that all SQL Server instances created after August 5, 2014, use the DB instance endpoint in the Common Name (CN) field of the SSL certificate. Prior to August 5, 2014, SSL certificate verification was not available for VPC-based SQL Server instances. If you have a VPC-based SQL Server DB instance that was created before August 5, 2014, and you want to use SSL certificate verification, please ensure that the instance endpoint is included as the Common Name for the SSL certificate for that DB instance and then rename the instance. When you rename a DB instance, a new certificate is deployed and the instance is rebooted to enable the new certificate.
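The CN in the certificate guards against spoofing only when the client validates the certificate and connects by the instance endpoint name. The following is an added example, not AWS code: a Python check that audits SQL Server connection strings for those client-side settings. The `.rds.amazonaws.com` suffix test, the finding names and the sample strings are assumptions constructed for illustration.

```python
# Added example: audit SQL Server connection strings for client-side
# settings that certificate (CN) verification depends on.

# Assumption: instance endpoints in the standard AWS partition end in this suffix.
RDS_SUFFIX = ".rds.amazonaws.com"
ENCRYPT_ON = {"yes", "true", "mandatory", "strict"}
SERVER_KEYS = ("server", "data source", "address", "addr", "network address")

def parse(conn_str):
    """Split 'key=value;...' into a dict with lower-cased keys.
    Simplification: values containing ';' inside braces are not handled."""
    pairs = (p.split("=", 1) for p in conn_str.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def server_host(opts):
    """Return the host part of the server keyword, without 'tcp:' or ',port'."""
    for key in SERVER_KEYS:
        if key in opts:
            host = opts[key]
            if host.lower().startswith("tcp:"):
                host = host[4:]
            return host.split(",")[0].strip().lower()
    return ""

def audit(conn_str):
    """Return a list of findings; an empty list means the string passes."""
    opts = parse(conn_str)
    findings = []
    # A missing Encrypt keyword is treated as "not requested" (conservative).
    if opts.get("encrypt", "").lower() not in ENCRYPT_ON:
        findings.append("encrypt-not-requested")
    # TrustServerCertificate=yes makes the driver skip certificate validation.
    if opts.get("trustservercertificate", "no").lower() in ("yes", "true"):
        findings.append("certificate-not-verified")
    # The CN is the instance endpoint, so an IP or alias will not match it.
    if not server_host(opts).endswith(RDS_SUFFIX):
        findings.append("host-is-not-instance-endpoint")
    return findings

# Constructed sample connection strings (not real endpoints).
SAMPLES = {
    "good": "Driver={ODBC Driver 17 for SQL Server};"
            "Server=tcp:mydb.abcdefghijkl.us-east-1.rds.amazonaws.com,1433;"
            "Encrypt=yes;TrustServerCertificate=no;",
    "trusting": "Server=10.0.1.25,1433;Encrypt=yes;TrustServerCertificate=yes",
    "plaintext": "Data Source=mydb.abcdefghijkl.us-east-1.rds.amazonaws.com;"
                 "Integrated Security=false",
}

if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(name, audit(conn))
```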

For more information, please visit our documentation page.