In AWS's direct postgres offering RDS Postgres, you can require SSL by setting the parameter group item rds.force_ssl
to 1.
This is as per the RDS postgres documentation: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL
However Aurora Postgres does not have this parameter item, and there is no ability to add new parameters either. How do you turn on require ssl for an Aurora instance?
I can see in the Aurora version that it supports SSL:
create extension sslinfo;
select ssl_is_used();
select ssl_cipher();
And I can optionally connect via ssl:
psql -h my-ssl-test1.cwzhlddlylx.us-east-1.rds.amazonaws.com -p 5432
-U myuser -d mydb sslrootcert=rds-ca-2015-root.pem sslmode=verify-full
Best Answer
For Aurora Postgres, there's two relevant cluster-level parameters (note they're not instance-level parameters):
rds.force_ssl
andssl
. I haven't tested this myself but you should be able to modify them in the usual way using DB Parameter Groups.