petoju / terraform-provider-mysql

Terraform MySQL provider – unofficial fork
https://registry.terraform.io/providers/petoju/mysql
Mozilla Public License 2.0

Can't connect to DB using TLS and can't use ssl-ca option #149

Open adelca opened 1 month ago

adelca commented 1 month ago

Hi, I can connect to my RDS Aurora MySQL 8 like this: mysql -h'<redacted>' -u'root' -p'<redacted>' --ssl-ca=./amazon-aurora-cluster-global-bundle.pem

But when I use this provider, using this config:

provider "mysql" {
  endpoint = "<redacted>"
  username = "root"
  password = "<redacted>"

  tls = true
}

I am getting this error: Error: failed to connect to MySQL: could not create new connection: could not connect to server: tls: failed to verify certificate: x509: “Amazon RDS us-east-1 Subordinate CA RSA2048 G1.A.5” certificate is not trusted

So then I moved on to the custom_tls argument, but it is asking me to also provide values that I don't have or need at all, and I don't want to go down the rabbit hole of creating them since I don't need them with the mysql client:

provider "mysql" {
  endpoint = "<redacted>"
  username = "root"
  password = "<redacted>"

  tls = true
  custom_tls {
    # config_key  = "custom_key"
    ca_cert     = "./amazon-aurora-cluster-global-bundle.pem"
    client_cert = null
    client_key  = null
  }
}

Error: The argument "custom_tls.0.client_key" is required, but no definition was found. Really, what I want is a way to pass the ssl-ca argument. I have tried using conn_params for fun, but it doesn't help.

petoju commented 1 month ago

Ok, I understand that issue and I don't believe this provider solves that issue now.

The only way to do it currently is to add that CA cert to your system certificate store (or use Docker to achieve the same isolated from your system). Then you can use the first option.

While it is possible it will be implemented at some point (if someone sends a PR), I don't plan on doing it now.
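For readers who want to see what `--ssl-ca` actually changes on the Go side, and why the provider fails while the mysql client succeeds, here is an added example; it is not code from terraform-provider-mysql or from either participant. It builds a `tls.Config` whose `RootCAs` pool holds only the CA bundle (the equivalent of `--ssl-ca`, and the kind of config a provider could register with go-sql-driver/mysql's `mysql.RegisterTLSConfig` and select via `tls=<name>` in the DSN), then repeats the chain check the Go handshake performs. With `RootCAs` nil, Go falls back to the system store, which is the workaround petoju describes. The root/subordinate/server hierarchy, the hostname and the CA names are all constructed test data, not Amazon's certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// BuildTLSConfig is the Go-side equivalent of `mysql --ssl-ca=bundle.pem`: trust only
// the CAs in caPEM and keep hostname verification on. Nothing here sets
// InsecureSkipVerify; a bundle that does not cover the server's chain simply fails.
func BuildTLSConfig(caPEM []byte, serverName string) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("CA bundle contains no parsable certificates")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// VerifyServerChain repeats the check the Go TLS handshake makes with such a config:
// the leaf (chainDER[0]) must chain via the presented intermediates to a CA in
// cfg.RootCAs and carry cfg.ServerName. A CA missing from the bundle (or from the
// system store when RootCAs is nil) surfaces exactly here as an x509 error.
func VerifyServerChain(cfg *tls.Config, chainDER [][]byte) error {
	if len(chainDER) == 0 {
		return errors.New("empty certificate chain")
	}
	leaf, err := x509.ParseCertificate(chainDER[0])
	if err != nil {
		return err
	}
	intermediates := x509.NewCertPool()
	for _, der := range chainDER[1:] {
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return err
		}
		intermediates.AddCert(c)
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, Intermediates: intermediates, DNSName: cfg.ServerName})
	return err
}

// issueCert mints one certificate of a throwaway hierarchy (constructed test data,
// not Amazon's CAs). A nil parent yields a self-signed root. Panics are acceptable
// here because this only generates demo fixtures.
func issueCert(cn string, isCA bool, dns []string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{
		SerialNumber: serial.Add(serial, big.NewInt(1)), // keep it positive
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA:         isCA, BasicConstraintsValid: true,
		KeyUsage:     x509.KeyUsageDigitalSignature, DNSNames: dns,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is given
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// pemOf renders a certificate the way a CA bundle file stores it.
func pemOf(c *x509.Certificate) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})
}

// RunScenario builds a root -> subordinate CA -> server chain for host (the layout
// behind the "Subordinate CA ... is not trusted" error) and returns the verification
// outcome with the root in the bundle, with an unrelated bundle, and with the right
// bundle but the wrong expected hostname.
func RunScenario(host string) (trusted, unknownCA, wrongHost error) {
	root, rootKey := issueCert("Constructed Root CA", true, nil, nil, nil)
	sub, subKey := issueCert("Constructed Subordinate CA", true, nil, root, rootKey)
	leaf, _ := issueCert(host, false, []string{host}, sub, subKey)
	other, _ := issueCert("Unrelated Root CA", true, nil, nil, nil)
	chain := [][]byte{leaf.Raw, sub.Raw} // what the server presents; the root is never sent

	good, _ := BuildTLSConfig(pemOf(root), host)
	bad, _ := BuildTLSConfig(pemOf(other), host)
	mismatch, _ := BuildTLSConfig(pemOf(root), "someone-else.example.invalid")
	return VerifyServerChain(good, chain), VerifyServerChain(bad, chain), VerifyServerChain(mismatch, chain)
}

func main() {
	trusted, unknownCA, wrongHost := RunScenario("aurora-cluster.example.invalid") // constructed hostname
	fmt.Println("root CA in bundle:", trusted)
	fmt.Println("unrelated bundle: ", unknownCA)
	fmt.Println("hostname mismatch:", wrongHost)
}
```

The first scenario is the `--ssl-ca` case and passes; the second is what the provider hits when the Aurora root is in neither the bundle nor the system store; the third shows that keeping `ServerName` set still rejects a valid chain presented for the wrong host, which is why the fix is to supply the CA rather than to skip verification.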

adelca commented 1 month ago

Thanks for responding!