Like many people I have updated my Amazon RDS Certificate to CA_2019 from CA_2015.
At first everything seemed fine, but on checking later I noticed that the MySQL Lambda function I wrote to query the database no longer works.
The Lambda is using Node.js 8.10.
I get the following error:
{
"errorMessage": "unable to get local issuer certificate",
"errorType": "Error",
"stackTrace": [
"TLSSocket.<anonymous> (/var/task/node_modules/mysql2/lib/connection.js:383:46)",
"emitNone (events.js:106:13)",
"TLSSocket.emit (events.js:208:7)",
"TLSSocket._finishInit (_tls_wrap.js:639:8)",
"TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38)"
]
}
When I revert the change back to CA_2015, it works.
I didn't add any certificates or anything else when writing the Lambda function; the only TLS setting in the connection options below is `ssl: 'Amazon RDS'`:
'use strict'
const AWS = require('aws-sdk')
const mysql = require('mysql2')
// Fixed connection settings for the RDS reader. The handler in this file asks
// AWS.RDS.Signer for an auth token for dbUsername and uses it as the password,
// so no static database password is stored here.
var dbPort = 3306;
var dbUsername = 'enactor_lambda';
var dbName = 'rds_db_test';

// Deployment-specific values are read once from the Lambda environment.
// NOTE(review): process.env values are strings (undefined when unset); the two
// thresholds presumably need Number(...) before any numeric comparison —
// confirm where they are used.
var {
  READER_ENDPOINT: readerEndpoint,
  REGION: region,
  TOPIC_ARN: topicArn,
  ALERT_BUCKET: alertBucket,
  QUEUE_THRESHOLD: queueThreshold,
  PENDING_THRESHOLD: pendingThreshold
} = process.env;

// Set the SDK region before any service client is constructed.
AWS.config.update({ region });

// Service clients created at module load, outside the handler.
var sns = new AWS.SNS();
var s3 = new AWS.S3();
var cloudwatch = new AWS.CloudWatch();
exports.handler = function (event, context, cb) {
var signer = new AWS.RDS.Signer()
signer.getAuthToken({
region: region,
hostname: readerEndpoint,
port: dbPort,
username: dbUsername
}, function (err, token) {
if (err) {
console.log(`Unable to retrieve authentication token (AWS.RDS.Signer.getAuthToken): ${err}`)
cb(err)
} else {
var connection = mysql.createConnection({
host: readerEndpoint,
port: dbPort,
user: dbUsername,
password: token,
database: dbName,
ssl: 'Amazon RDS',
multipleStatements: true,
authSwitchHandler: function (data, cb) {
if (data.pluginName === 'mysql_clear_password') {
cb(null, Buffer.from(token + '\0'))
}
}
})
connection.connect()