All scheduled maintenance on customer RDS instances has now been completed. Each instance is now using the newest RDS CA certificates. If you are experiencing any related issues, please email support@cloud.gov. Thank You
Posted May 17, 2022 - 09:04 EDT
In progress
Scheduled maintenance is currently in progress. We will provide updates as necessary.
Posted May 09, 2022 - 10:00 EDT
Scheduled
This message is to let you know about scheduled maintenance to cloud.gov’s relational database service (RDS).
What is happening and what is the impact on cloud.gov customers?
Amazon Web Services is retiring older RDS Certificate Authority (CA) certificates on May 18th, 2022 and replacing them with newer and stronger certificates. As part of this process, cloud.gov has scheduled this update to customer RDS instances to make this change ahead of the May 18th deadline.
How to tell if this change will affect you ?
This change will not impact you if: * You are not using a cloud.gov RDS service * You are not using SSL/TLS with your cloud.gov RDS instance *You are using an RDS service instance, but it was created before March 21, 2022
For affected customers:
This change only applies to cloud.gov customers that utilize SSL/TLS based communications inside their applications to the RDS instances they have created on the platform. Since the application source code is customer-specific and outside the control of cloud.gov, the utilization of SSL/TLS for applications varies. Customers are advised to check their applications, specifically the portions of their applications that connect to cloud.gov RDS instances, for how these applications connect to the cloud.gov RDS instances. Some general items/terms to look for include enable SSL, force SSL, sslmode, encrypt connection, verify-ca, –ssl, and various TLS terms including ca and cert/certificate. Please consult your documentation for your specific application for additional information.
cloud.gov has also already included the new RDS CA certificate bundles on the platform for some time now and are available to all customer instances in the certificate store. If your application relies on certificates provided by the platform in your application then you do not need to make any changes at this time.
For cloud.gov customers that utilize our RDS services with TLS/SSL and need to supply their application the specific CA certificates used, they are available as a bundle directly from Amazon and available here (scroll down to the bottom and select the bundle for AWS GovCloud [US-West] ): https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
Timeframe:
These scheduled updates will take place after hours starting May 10th through May 18th during normal RDS maintenance windows assigned at random to customer RDS instances at the time they are created. cloud.gov customers do not need to schedule this change themselves.
If you have any questions or concerns, please contact us at support@cloud.gov.