I have a Rails app on Elastic Beanstalk using an Amazon RDS PostgreSQL instance.
I'd like pg to use SSL to connect to this DB.
Following http://docs.aws.amazon.com/AmazonRDS/[...], I saved rds-combined-ca-bundle.pem at /config/ca/rds.pem and my database.yml looks like this:
production:
  adapter: postgresql
  database: <%= ENV['DB_NAME'] %>
  username: <%= ENV['DB_USERNAME'] %>
  password: <%= ENV['DB_PASSWORD'] %>
  host: <%= ENV['DB_ADDRESS'] %>
  port: <%= ENV['DB_PORT'] %>
  sslmode: 'require'
  sslrootcert: 'config/ca/rds.pem'
But I have no idea if it's really using SSL: I can change sslrootcert
path to anything, and my app is still up. What am I missing?
In your database.yml you have to use sslmode: 'verify-full' instead of sslmode: 'require' in order to verify the instance endpoint against the endpoint in the SSL certificate. This way the certificate is used.
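An added example, not part of the original question or answer: a stdlib-only Ruby check that reads a database.yml and reports what libpq will enforce for it, including the case from the question where sslmode 'require' silently ignores a CA path that does not exist. The helper names, the `root:` parameter and the sample config are constructed for illustration, and libpq's default CA file (~/.postgresql/root.crt) is not examined.

```ruby
require "yaml"
require "erb"
require "openssl"

PEM_CERT = /-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m

# Number of parseable X.509 certificates in a PEM bundle (0 if the file is absent).
def ca_certs_in(path)
  return 0 unless path && File.file?(path)
  File.read(path).scan(PEM_CERT).count do |pem|
    OpenSSL::X509::Certificate.new(pem)
  rescue OpenSSL::X509::CertificateError
    false
  end
end

# Report what libpq enforces for one environment of a database.yml, assuming
# the connection succeeds. root: directory a relative sslrootcert is resolved
# against (assumed to be the process working directory, normally the Rails root).
def audit_pg_ssl(yaml_text, env_name, root: Dir.pwd)
  cfg   = YAML.safe_load(ERB.new(yaml_text).result).fetch(env_name)
  mode  = cfg.fetch("sslmode", "prefer") # libpq's default mode
  path  = cfg["sslrootcert"] && File.expand_path(cfg["sslrootcert"], root)
  certs = ca_certs_in(path)
  verifying = %w[verify-ca verify-full].include?(mode)
  problems = []
  problems << "sslmode=#{mode} does not guarantee TLS" if %w[disable allow prefer].include?(mode)
  if path && !File.file?(path)
    problems << "#{path} does not exist: " +
                (verifying ? "the connection will fail" : "sslmode=#{mode} skips verification silently")
  end
  problems << "server hostname is not checked against the certificate" unless mode == "verify-full"
  { sslmode: mode, ca_certs: certs, problems: problems,
    encrypted: verifying || mode == "require",
    # require validates the chain only when the CA file is actually present
    chain_verified: verifying || (mode == "require" && certs.positive?),
    hostname_verified: mode == "verify-full" }
end

# Constructed sample mirroring the question's database.yml, with a wrong CA path.
SAMPLE = <<~YML
  production:
    adapter: postgresql
    host: <%= ENV['DB_ADDRESS'] %>
    sslmode: 'require'
    sslrootcert: 'config/ca/does-not-exist.pem'
YML

pp audit_pg_ssl(SAMPLE, "production")
```

Run against the real database.yml from the application root, this shows an empty problem list only once sslmode is 'verify-full' and the CA bundle is found at the configured path.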