The default Aurora cluster parameter group defaults to enabling TLS/SSL connections. The PostgreSQL JDBC driver supports TLS connections and will prefer them over unencrypted connections.
Our sample Java app uses jlink to create a minified JRE to reduce the Docker image size. Some java.security.Provider implementations are not included by default resulting in runtime errors. We need to add a couple of cryptography modules to the minified JRE to successfully connect to the Aurora PG cluster over TLS.
Reproduction Steps
Configure your application following the steps in the the Getting Started guide and be sure to choose Aurora PostgreSQL as the database type.
Onboard a tenant and note that the ECS task fails to completely launch because of an SSL Handshake error trying to make a connection to Aurora.
PoeppingT
commented
1 year ago
The default Aurora cluster parameter group defaults to enabling TLS/SSL connections. The PostgreSQL JDBC driver supports TLS connections and will prefer them over unencrypted connections.
Our sample Java app uses jlink to create a minified JRE to reduce the Docker image size. Some
java.security.Providerimplementations are not included by default resulting in runtime errors. We need to add a couple of cryptography modules to the minified JRE to successfully connect to the Aurora PG cluster over TLS.Reproduction Steps
Configure your application following the steps in the the Getting Started guide and be sure to choose Aurora PostgreSQL as the database type. Onboard a tenant and note that the ECS task fails to completely launch because of an SSL Handshake error trying to make a connection to Aurora.
This is :bug: Bug Report