chore(rds): deprecate CA certificate rds-ca-2019 (#31387)
### Reason for this change



The certificate `rds-ca-2019` expired in August, 2024.

> Amazon RDS Certificate Authority certificates rds-ca-2019 are set to expire in August, 2024.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

I also confirmed in CLI:

```
❯ aws rds describe-db-engine-versions --default-only --engine postgres
{
    "DBEngineVersions": [
        {
            ...
            ...
            "SupportedCACertificateIdentifiers": [
                "rds-ca-ecc384-g1",
                "rds-ca-rsa4096-g1",
                "rds-ca-rsa2048-g1"
            ],
        }
    ]
}
```

CFn deploy errors:

```
Resource handler returned message: "Certificate not found: rds-ca-2019 (Service: Rds, Status Code: 404, Request ID: ..."
```

### Description of changes



Deprecate the certificate.

### Description of how you validated changes



### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
go-to-k authored Sep 12, 2024
1 parent 4b90bfc commit aedf617
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions packages/aws-cdk-lib/aws-rds/lib/ca-certificate.ts
Expand Up @@ -6,6 +6,7 @@
export class CaCertificate {
/**
* rds-ca-2019 certificate authority
* @deprecated rds-ca-2019 expired in August, 2024.
*/
public static readonly RDS_CA_2019 = CaCertificate.of('rds-ca-2019');
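
Review bot: The `@deprecated` tag on `RDS_CA_2019` says only that the certificate expired, so a caller who sees the deprecation warning is not told what to switch to. Consider naming the replacements in the same tag, for example the identifiers the commit message lists as still supported (`rds-ca-rsa2048-g1`, `rds-ca-rsa4096-g1`, `rds-ca-ecc384-g1`), and mentioning that deployments referencing `rds-ca-2019` now fail with "Certificate not found". The "Description of how you validated changes" section of the commit message is empty; a line stating that the change touches only a doc comment would cover it.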
