search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.55k stars 3.87k forks source link

chore(rds): deprecate CA certificate rds-ca-2019 #31387

Closed go-to-k closed 2 weeks ago

go-to-k commented 2 weeks ago

Reason for this change

The certificate rds-ca-2019 expired in August, 2024.

Amazon RDS Certificate Authority certificates rds-ca-2019 are set to expire in August, 2024.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

I also confirmed in CLI:

❯ aws rds describe-db-engine-versions --default-only --engine postgres
{
    "DBEngineVersions": [
        {
            ...
            ...
            "SupportedCACertificateIdentifiers": [
                "rds-ca-ecc384-g1",
                "rds-ca-rsa4096-g1",
                "rds-ca-rsa2048-g1"
            ],
        }
    ]
}

CFn deploy errors:

Resource handler returned message: "Certificate not found: rds-ca-2019 (Service: Rds, Status Code: 404, Request ID: ..."

Description of changes

Deprecate the certificate.

Description of how you validated changes

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

mergify[bot] commented 2 weeks ago

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify[bot] commented 2 weeks ago

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

go-to-k commented 2 weeks ago

@GavinZZ

Thanks for your approval. The merge is failing, could you please try again?

aws-cdk-automation commented 2 weeks ago

AWS CodeBuild CI Report

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

mergify[bot] commented 2 weeks ago

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

github-actions[bot] commented 2 weeks ago

Comments on closed issues and PRs are hard for our team to see. If you need help, please open a new issue that references this one.