Enable SSL encryption to RDS system

Kong / kong-terraform-aws

Kong Terraform Module for AWS

Other

85 stars 43 forks source link

Enable SSL encryption to RDS system #10

Open lorenzoaiello opened 4 years ago

lorenzoaiello commented 4 years ago

It would be great if we could enable SSL encryption from the Kong nodes to RDS.

Based on the Kong docs, it appears to be possible: https://docs.konghq.com/1.4.x/configuration/#postgres-settings

DennoVonDiesel commented 4 years ago

Definitely doable. The kong nodes could download the certificate and specify it in the lua_ssl_trusted_certificate setting. This could be optional/bool toggle to turn it off and on. I'll need to check if this can be prioritized, but in the mean time happy to accept a PR.

lorenzoaiello commented 4 years ago

I'm not sure we actually need to download and set the certificate since they are publicly signed certs and we are using the native RDS DNS endpoint.