If you've received the following email from AWS: Update Your Amazon RDS SSL/TLS Certificates by February 5, 2020,
you are probably aware that the SSL cert rotation procedure will cause an outage, even for Amazon Aurora: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html

My question is:

Is there a way to avoid downtime during MySQL RDS SSL Certs rotation?

1 Answer

To avoid downtime during SSL Certs rotation, you can use the approach described in this issue https://dba.stackexchange.com/questions/55611/what-is-the-optimal-way-to-upgrade-production-rds-instance/203896#203896

First, you need to temporarily launch a Master-Master configuration for your MySQL RDS database. Then update the SSL cert on the new Master and finally gracefully switch application traffic without incurring downtime.

You can also find more ideas on it here: https://workmarket.tech/rotating-rds-ssl-certificates-without-downtime-acd788a93ce7

I hope it helps.

  • I take it the logic holds for other types of RDBMS (such as PostgreSQL)? – thoroc Jan 09 '20 at 10:37
  • Since Postgres doesn't support M/M out of the box, I don't think you can easily do it. But I see people posting some solutions: https://resources.2ndquadrant.com/upgrade-Postgresql?utm_source=adwords&utm_medium=ppc&utm_campaign=North+America+-+20151020&utm_term=&hsa_mt=b&hsa_ad=407445639248&hsa_cam=386030289&hsa_grp=87105984956&hsa_acc=8827627379&hsa_ver=3&hsa_src=g&hsa_kw=&hsa_tgt=dsa-437115340933&hsa_net=adwords&gclid=EAIaIQobChMI__jM_rb55gIVCZyzCh0n-wBsEAAYASAAEgKwUPD_BwE and https://severalnines.com/database-blog/postgresql-high-availability-master-slave-master-master-architectures – Dmitriy Royzenberg Jan 10 '20 at 16:42
  • Thank you for pointing it out. I am not a DBA by trade, but the second link points to solutions based on pgpool and pgbouncer that I have been told might be something to look into for M/M somewhat equivalence. – thoroc Jan 13 '20 at 08:01