I'm running a PostgreSQL 9.4.x instance on Amazon RDS. I can successfully connect to that server using SSL using a command line similar to this one:
psql "host=x.y.z.rds.amazonaws.com dbname=aaa user=bbb sslmode=verify-full"
How can I force clients to use SSL (to make eavesdropping harder)? The following should fail to connect:
psql "host=x.y.z.rds.amazonaws.com dbname=aaa user=bbb sslmode=disable"
As far as I can tell, on Amazon RDS you can't edit pg_hba.conf, so I can't put hostssl entries in there.
This AWS blog post suggests how it could be done with MySQL, but I can't find links to similar information for PostgreSQL.
My motivation is to prevent myself (or other users) from accidentally transmitting sensitive information unencrypted across the network.
Best Answer
Looks like this has finally been added. From the docs: