
When I look at unencrypted connections to my RDS instance, I see 2 from the rdsadmin user. These are not coming from my application, and must be managed by AWS. Is there any documentation about these, or how to force them to use encryption?

select * from pg_stat_ssl join pg_stat_activity on pg_stat_ssl.pid = pg_stat_activity.pid where ssl = 'f';


-[ RECORD 1 ]----+---------------------------------
pid              | 15497
ssl              | f
version          | 
cipher           | 
bits             | 
client_dn        | 
client_serial    | 
issuer_dn        | 
datid            | 16384
datname          | rdsadmin
pid              | 15497
leader_pid       | 
usesysid         | 10
usename          | rdsadmin
application_name | PostgreSQL JDBC Driver
client_addr      | 
client_hostname  | 
client_port      | -1
backend_start    | 2023-08-10 10:49:38.897878+00
xact_start       | 
query_start      | 2023-08-24 00:04:46.134798+00
state_change     | 2023-08-24 00:04:46.134818+00
wait_event_type  | Client
wait_event       | ClientRead
state            | idle
backend_xid      | 
backend_xmin     | 
query_id         | 
query            | SELECT value FROM rds_heartbeat2
backend_type     | client backend
-[ RECORD 2 ]----+---------------------------------
pid              | 6860
ssl              | f
version          | 
cipher           | 
bits             | 
client_dn        | 
client_serial    | 
issuer_dn        | 
datid            | 16384
datname          | rdsadmin
pid              | 6860
leader_pid       | 
usesysid         | 10
usename          | rdsadmin
application_name | 
client_addr      | 
client_hostname  | 
client_port      | -1
backend_start    | 2023-08-12 20:39:03.838202+00
xact_start       | 
query_start      | 2023-08-24 00:04:52.645568+00
state_change     | 2023-08-24 00:04:52.645632+00
wait_event_type  | Client
wait_event       | ClientRead
state            | idle
backend_xid      | 
backend_xmin     | 
query_id         | 3694949039461716331
query            | COMMIT
backend_type     | client backend
Kevin

1 Answer

The client_port of -1 means these are local connections, through the Unix-domain socket. Those don't support SSL, nor do they need it. Since the data doesn't traverse a network, it is not susceptible to eavesdropping/MITM. Anyone who can get their hands on the data in transit is already in a position to do whatever they want.

jjanes
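A follow-up query that applies the answer's distinction, as an added example (not part of the question or the answer above): it joins the same two catalog views the question used, but labels each session by transport so that Unix-socket backends such as the rdsadmin heartbeat are separated from TCP sessions that genuinely lack TLS. It relies only on the standard pg_stat_activity and pg_stat_ssl columns visible in the question's output (client_addr is NULL and client_port is -1 for a Unix-socket connection); the label strings are my own.

```sql
-- Added example (not from the original post). Classify every client backend
-- by transport: local Unix socket, network with TLS, or network without TLS.
SELECT a.pid,
       a.usename,
       a.datname,
       a.application_name,
       a.client_addr,
       a.client_port,
       s.ssl,
       CASE
         -- PostgreSQL reports NULL client_addr and client_port = -1 for
         -- Unix-domain socket connections; these never traverse a network.
         WHEN a.client_addr IS NULL AND a.client_port = -1
           THEN 'local (unix socket)'
         -- TCP session without TLS: the only rows worth acting on.
         WHEN NOT s.ssl
           THEN 'network, NO TLS'
         ELSE 'network, TLS ' || s.version || ' ' || s.cipher
       END AS transport
FROM pg_stat_activity AS a
JOIN pg_stat_ssl      AS s ON s.pid = a.pid
WHERE a.backend_type = 'client backend'
ORDER BY transport, a.backend_start;

-- Compact check: how many sessions are unencrypted AND came in over the
-- network? Unix-socket rows are excluded by client_addr IS NOT NULL.
SELECT count(*) AS unencrypted_network_sessions
FROM pg_stat_activity AS a
JOIN pg_stat_ssl      AS s ON s.pid = a.pid
WHERE NOT s.ssl
  AND a.client_addr IS NOT NULL;
```

On the instance in the question both rdsadmin rows would land in the "local (unix socket)" bucket and the second query would return 0, which is the result to expect once every application connection negotiates TLS.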