Amazon-rds – AWS RDS Postgres pg_hba.conf auth-method

Tags: amazon-rds, authentication, aws, password, pgadmin

I'm starting to use Amazon Web Service's Relational Database Server product (AWS RDS) and want to confirm I have not made a security blunder.

My configuration:

  • Postgres
  • Publicly accessible
  • Inbound rule on security group added for "PostgreSQL / My IP"

These options enable me to use pgAdmin to connect and populate data. I've tried to determine the auth-method used in AWS RDS Postgres without success.

Am I transmitting my password in clear text when I connect with pgAdmin?


Edit:

I'm starting to think my fears are warranted. This is what I've learned:

  • Directions for Using SSL with PostgreSQL DB Instance suggests it's not the default
  • The 'SSL' option in my pgAdmin connection properties has no options (prob'ly because I haven't set up certificates)

Best Answer

From what I can gather, SSL is usually being used. What varies is the level to which server certificates are verified.

Reading the guide from Amazon is helpful albeit lengthy.

Things to remember...

  1. To determine if SSL is on (apparently this requires a plugin but works by default on AWS RDS):

    show ssl;

  2. There is a ~/.pgpass file that automatically supplies passwords when using psql (this confused me for a while)

  3. Full server certificate verification (requires the root cert from AWS):

    $ psql -h testpg.cdhmuqifdpib.us-east-1.rds.amazonaws.com -p 5432 "dbname=testpg user=testuser sslrootcert=rds-ca-2015-root.pem sslmode=verify-full"

  4. SSL is still on with this command however (no sslmode, sslrootcert):

    $ psql -h testpg.cdhmuqifdpib.us-east-1.rds.amazonaws.com -p 5432 "dbname=testpg user=testuser"

  5. This will not connect because the root cert is not supplied:

    $ psql -h testpg.cdhmuqifdpib.us-east-1.rds.amazonaws.com -p 5432 "dbname=testpg user=testuser sslmode=verify-full"

  6. I never established a non-SSL connection; however, it is possible to prevent non-SSL connections to a DB instance with a parameter on the server: rds.force_ssl
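The three psql commands in the answer differ only in the libpq `sslmode` and `sslrootcert` keywords, and those two keywords decide whether the password travels encrypted and whether the server's certificate is checked. pgAdmin connects through libpq as well, so its SSL dropdown maps onto the same modes. The script below is an added example (not from the question, the answer, or AWS): it parses a libpq key=value connection string the way the answer's commands are written, applies libpq's documented sslmode rules (default `prefer`; `require` plus a root certificate behaves like `verify-ca`; `verify-ca`/`verify-full` fail when no root certificate file exists, falling back to `~/.postgresql/root.crt`), and reports what each string buys you. The `exists` and `env` parameters are assumptions added so the check can run offline without touching the filesystem or the real `PGSSLMODE` environment.

```python
"""Assess the transport security a libpq connection string provides (added example)."""
import os
import re
from dataclasses import dataclass

# libpq looks here when sslrootcert is not given explicitly.
DEFAULT_ROOTCERT = os.path.expanduser("~/.postgresql/root.crt")
VALID_MODES = ("disable", "allow", "prefer", "require", "verify-ca", "verify-full")

# key=value pairs, optional spaces around '=', single-quoted values with backslash escapes
_TOKEN = re.compile(r"(\w+)\s*=\s*('(?:\\.|[^'\\])*'|\S+)")


def parse_conninfo(conninfo: str) -> dict:
    """Parse a libpq conninfo string such as "dbname=testpg user=testuser sslmode=verify-full"."""
    params = {}
    for key, value in _TOKEN.findall(conninfo):
        if value.startswith("'") and value.endswith("'"):
            value = re.sub(r"\\(.)", r"\1", value[1:-1])  # strip quotes, unescape \' and \\
        params[key] = value
    return params


@dataclass
class TransportAssessment:
    sslmode: str
    password_encrypted: str  # "always", "if the server offers TLS", "only if the server refuses plaintext", "never"
    server_verified: str     # "none", "chain", "chain+hostname"
    connects: bool           # False when libpq would refuse before even authenticating
    note: str


def assess(conninfo: str, exists=os.path.exists, env=None) -> TransportAssessment:
    """Apply libpq's sslmode semantics to a conninfo string.

    `exists` answers whether a root certificate file is present (hypothetical hook so tests run
    offline); `env` stands in for os.environ so PGSSLMODE/PGSSLROOTCERT can be controlled.
    """
    env = os.environ if env is None else env
    params = parse_conninfo(conninfo)
    mode = params.get("sslmode", env.get("PGSSLMODE", "prefer"))
    if mode not in VALID_MODES:
        raise ValueError(f"invalid sslmode value: {mode!r}")
    rootcert = params.get("sslrootcert") or env.get("PGSSLROOTCERT") or DEFAULT_ROOTCERT
    have_root = exists(rootcert)

    if mode == "disable":
        return TransportAssessment(mode, "never", "none", True, "plaintext; password and data exposed on the wire")
    if mode == "allow":
        return TransportAssessment(mode, "only if the server refuses plaintext", "none", True,
                                   "tries plaintext first; rds.force_ssl on the server is what makes this encrypted")
    if mode == "prefer":
        return TransportAssessment(mode, "if the server offers TLS", "none", True,
                                   "default mode; encrypted against RDS, but any server presenting a cert is accepted")
    if mode == "require":
        if have_root:  # libpq upgrades require to verify-ca when a root cert file is present
            return TransportAssessment(mode, "always", "chain", True, f"certificate chain checked against {rootcert}")
        return TransportAssessment(mode, "always", "none", True,
                                   "encryption enforced, but the server certificate is not checked")
    if not have_root:  # verify-ca / verify-full cannot proceed without a root certificate file
        return TransportAssessment(mode, "always", "none", False,
                                   f"root certificate file does not exist: {rootcert}")
    if mode == "verify-ca":
        return TransportAssessment(mode, "always", "chain", True, f"chain checked against {rootcert}")
    return TransportAssessment(mode, "always", "chain+hostname", True,
                               f"chain checked against {rootcert} and host name matched against the cert")


if __name__ == "__main__":
    # The three connection strings from the answer; root cert presence is simulated, not read from disk.
    fake_exists = lambda path: path == "rds-ca-2015-root.pem"
    for s in ("dbname=testpg user=testuser",
              "dbname=testpg user=testuser sslmode=verify-full",
              "dbname=testpg user=testuser sslrootcert=rds-ca-2015-root.pem sslmode=verify-full"):
        print(f"{s}\n  -> {assess(s, exists=fake_exists, env={})}")
```

Running the block shows why command 4 in the answer still encrypts the password (libpq's default `prefer` negotiates TLS whenever the server offers it, which RDS does) while leaving the server certificate unchecked, why command 5 fails before authentication, and what command 3 adds. The client-side setting only protects the client that uses it; `rds.force_ssl` is the server-side control that stops a misconfigured client from falling back to plaintext.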