aidansteele / rdsconn

rdsconn makes connecting to an AWS RDS instance inside a VPC from your laptop easier
MIT License

Facilitate use of TLS #2

Open sftim opened 1 year ago

sftim commented 1 year ago

According to https://www.postgresql.org/docs/15/libpq-connect.html#LIBPQ-PARAMKEYWORDS, psql lets you set a hostaddr to bypass the DNS lookup.

This is a feature request for rdsconn to set that host address, so that the hostname can match the actual RDS hostname, and the client code can then do X.509 certificate verification (sslmode=verify-full).

A related tweak would be to support passing sslrootcert as the path to the RDS root CA.
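
The connection parameters requested above, as an added Go example that is not part of this thread or of rdsconn's code: it builds a libpq keyword/value string in which `hostaddr` is the local forwarded listener and `host` stays the RDS endpoint name, so `sslmode=verify-full` checks the certificate against the real hostname. `BuildConnString`, the endpoint name, the listener address and the CA path are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// quote applies libpq keyword/value quoting: a value that is empty or contains
// a space, quote or backslash is single-quoted, with \ and ' backslash-escaped.
func quote(v string) string {
	if v != "" && !strings.ContainsAny(v, ` '\`) {
		return v
	}
	return "'" + strings.NewReplacer(`\`, `\\`, `'`, `\'`).Replace(v) + "'"
}

// BuildConnString (hypothetical helper) dials tunnelAddr, the local forwarded
// listener, while libpq verifies the server certificate against rdsHost.
func BuildConnString(rdsHost, tunnelAddr, rootCert string) (string, error) {
	ip, port, err := net.SplitHostPort(tunnelAddr)
	if err != nil {
		return "", fmt.Errorf("tunnel address: %w", err)
	}
	// libpq requires hostaddr to be a numeric IP; that is what skips the lookup.
	if net.ParseIP(ip) == nil {
		return "", fmt.Errorf("hostaddr must be a numeric IP, got %q", ip)
	}
	// verify-full compares the certificate's names with host, so host must be
	// the endpoint's DNS name, not the loopback address.
	if rdsHost == "" || net.ParseIP(rdsHost) != nil {
		return "", fmt.Errorf("host must be the RDS endpoint name, got %q", rdsHost)
	}
	if rootCert == "" { // this example always pins an explicit CA bundle
		return "", fmt.Errorf("sslrootcert path must be set")
	}
	kv := [][2]string{{"host", rdsHost}, {"hostaddr", ip}, {"port", port},
		{"sslmode", "verify-full"}, {"sslrootcert", rootCert}}
	parts := make([]string, 0, len(kv))
	for _, p := range kv {
		parts = append(parts, p[0]+"="+quote(p[1]))
	}
	return strings.Join(parts, " "), nil
}

func main() {
	// Constructed sample values: endpoint name, local listener and CA path.
	s, err := BuildConnString("mydb.example.us-east-1.rds.amazonaws.com",
		"127.0.0.1:5432", "/tmp/rds ca/bundle.pem")
	fmt.Println(s, err)
}
```

The resulting string can be passed to psql as its connection argument; rejecting an IP literal as `host` keeps a caller from silently verifying against the tunnel address instead of the endpoint name.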

aidansteele commented 1 year ago

Just FYI the EC2 Instance Connect service can no longer be used for ports other than 22 and 3389 (see #5). I'll keep this issue open as a feature request in case the restriction is removed in the future.