Amazon Web Services (AWS) is performing a SSL CA Cert rotation on all Postgres-2.0 Instances in the US-West and EU-Central. This affects only those customers/applications that use SSL to connect to DB Instances in Postgres-2.0 service. But we do not have a way to ascertain which of our customers or their applications use SSL for connecting to Postgres databases.
Hence, we need to send the following communication out to all our customers.
What is happening?
The SSL certificates, that represent the Certificate Authority, installed on Postgres-2.0 DB Instances are expiring. These certificates are being replaced with new certificates.
Am I affected?
If any of your applications use SSL to connect to a DB Instance in Postgres-2.0 service, then you are affected.
If you do not use Postgres-2.0 service, or if you use Postgres-2.0 service but your applications do not use SSL to connect to database, then you are NOT affected by this update.
What do I need to do?
If you are affected, please read the linked documentation below for the exact details published by Amazon Web Services, the infrastructure provider for Predix Platform. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html
The following article also provides some details and an example. https://aws.amazon.com/blogs/aws/urgent-important-rotate-your-amazon-rds-aurora-and-documentdb-certificates/
1. Download new certificate bundle, CA-2019, from AWS https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
2. Update your application to use this new certificate bundle
What is the timeline for this update?
Sometime soon after February 5th, 2020, we will restart the Postgres-2.0 DB Instances during their respective Maintenance Windows. Please see below on how to find out the Maintenance Window that applies to your DB Instance.
If you'd not like us to restart the DB Instances in your Cloud Foundry Org, you need to create a Support ticket with Predix Support team to request an exception.
What is my DB Instance's Maintenance Window?
Please refer to the section Maintenance Window in Postgres-2.0 Service documentation, linked below, for the details. https://docs.predix.io/en-US/content/service/data_management/sql_database/