Configure SSL between RDS MySQL DB and JBoss Connection Pool / DMS endpoint | DevsDay.ru


dev.to, June 11, 2021


Background:

  • We need end-to-end encryption for the connectivity between the applications and the RDS database.
  • This document provides the steps that application teams can follow to achieve it.

Note:
On the MySQL RDS side, enforcing SSL for all connections at the server level is not supported: the “require_secure_transport” parameter is not modifiable. SSL therefore has to be required per user account instead (see the ALTER USER statement below).

  • Performance Insights can also be enabled (it requires at least a medium instance class; otherwise the option is not available).

  • You can run a SELECT like the one below to confirm whether a user’s connection is using SSL. The ALTER USER statement forces that account to connect only via SSL.

-- Force the account to connect only over SSL/TLS; plaintext logins for it are rejected afterwards.
ALTER USER 'useradmin'@'%' REQUIRE SSL;

-- List current connections with their transport: connection_type is 'SSL/TLS' for encrypted
-- sessions and 'TCP/IP' (or 'Socket') for unencrypted ones.
SELECT id, user, host, connection_type
       FROM performance_schema.threads pst
       INNER JOIN information_schema.processlist isp
       ON pst.processlist_id = isp.id;

Steps:

Using the mysql client, you can test the SSL connection.

mysql -h <hostname> -uuseradmin -pmypasswd --ssl-ca=c:/appls/mysql/rds-ca-2019-root.pem --ssl-mode=VERIFY_CA

where the RDS CA root PEM is downloaded from https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem. Note that the --ssl-ca and --ssl-mode parameters are optional: without them the client still negotiates SSL when the server offers it (the default mode is PREFERRED), but only --ssl-mode=VERIFY_CA makes it verify the server certificate against the CA.

  • To confirm whether the mysql client connection is using SSL, run the status (\s) command in the client and check that the SSL cipher shown is not empty.

  • If the user “useradmin” tries to connect without SSL, the connection fails with an error once the admin has configured the account to require SSL.

  • To see which host it is connecting to, check the Connection line of the same status output.

  • Example of a datasource connection URL that restricts the handshake to TLS 1.2 (Connector/J property enabledTLSProtocols):
jdbc:mysql://<db-host>:3306/demomysql?enabledTLSProtocols=TLSv1.2
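The JBoss connection pool side, as an added example that is not from the original post: a datasource definition for the datasources subsystem in standalone.xml that, beyond the page’s TLS 1.2 setting, also makes the pool verify the RDS server certificate. The JNDI name, pool name, driver name “mysql”, truststore path and all *_PLACEHOLDER values are assumptions to replace with your own.

```xml
<!-- Added example: JBoss/WildFly datasource in standalone.xml (datasources subsystem).
     Assumes a JDBC driver registered under the name "mysql" (Connector/J 8.0.13+) and
     a JKS truststore built from the RDS CA PEM referenced above, e.g.:
       keytool -importcert -trustcacerts -noprompt -alias rds-ca-2019-root \
         -file rds-ca-2019-root.pem -keystore rds-truststore.jks -storetype JKS \
         -storepass TRUSTSTORE_PW_PLACEHOLDER
     Replace every *_PLACEHOLDER value with your own. -->
<datasource jndi-name="java:jboss/datasources/DemoMysqlDS" pool-name="DemoMysqlDS" enabled="true">
    <!-- sslMode=VERIFY_CA: refuse plaintext AND validate the server certificate chain
         against the truststore (the page's URL alone leaves Connector/J in PREFERRED mode,
         which encrypts but does not verify the server). enabledTLSProtocols keeps the
         page's TLS 1.2 restriction. Inside XML, '&' must be written as '&amp;'. -->
    <connection-url>jdbc:mysql://DB_HOST_PLACEHOLDER:3306/demomysql?sslMode=VERIFY_CA&amp;enabledTLSProtocols=TLSv1.2&amp;trustCertificateKeyStoreUrl=file:/opt/jboss/certs/rds-truststore.jks&amp;trustCertificateKeyStoreType=JKS&amp;trustCertificateKeyStorePassword=TRUSTSTORE_PW_PLACEHOLDER</connection-url>
    <driver>mysql</driver>
    <pool>
        <min-pool-size>2</min-pool-size>
        <max-pool-size>20</max-pool-size>
    </pool>
    <security>
        <!-- plaintext password for brevity; use an Elytron credential store in production -->
        <user-name>useradmin</user-name>
        <password>DB_PASSWORD_PLACEHOLDER</password>
    </security>
    <validation>
        <!-- keeps the pool from handing out dead connections after an RDS failover -->
        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        <background-validation>true</background-validation>
    </validation>
</datasource>
```

After deploying, the SELECT on performance_schema.threads above should show connection_type = SSL/TLS for every pooled connection from the JBoss host.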

Reference:

https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-using-ssl.html

Source: dev.to

Tags: aws, rds, dms, ssl