aws-rfdk
chore(integ): use new RDS CA certificate for DocDB instances
Notes
The RDS CA certificate used by DocDB instances deployed by RFDK is expiring in August 2024. See https://docs.aws.amazon.com/documentdb/latest/developerguide/ca_cert_rotation.html
This PR changes the DocDB instances deployed by our integration tests to use the newer RDS CA certificate. We still need to do this for RFDK itself in a future PR.
Testing
- Ran the integration tests in my account and verified the CFN templates had the AWS::DocDB::DBInstance.CACertificateIdentifier property set to the newer certificate ID rds-ca-rsa4096-g1
- Also verified in the AWS console that the DB instance was using the newer RDS CA certificate.
Example CFN template snippet:
"StorageStruct1RepositoryDocumentDatabaseInstance1670329EE": {
  "Type": "AWS::DocDB::DBInstance",
  "Properties": {
    "AutoMinorVersionUpgrade": true,
    "CACertificateIdentifier": "rds-ca-rsa4096-g1",
    "DBClusterIdentifier": {
      "Ref": "StorageStruct1RepositoryDocumentDatabase8BA714C4"
    },
    "DBInstanceClass": "db.r5.large",
    "Tags": [
      {
        "Key": "aws-rfdk",
        "Value": "1.3.0:Repository"
      }
    ]
  },
  "UpdateReplacePolicy": "Delete",
  "DeletionPolicy": "Delete",
  "Metadata": {
    "aws:cdk:path": "RFDKInteg-DL-ComponentTier1705531747651705277/StorageStruct1/Repository/DocumentDatabase/Instance1"
  }
}
AWS Console screenshot showing CA cert is applied:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
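
The template check described under Testing can be automated. The following is an added example, not code from this PR or from the aws-rfdk repository: it walks a synthesized CloudFormation template and reports every AWS::DocDB::DBInstance whose CACertificateIdentifier is missing, is not a literal string, or differs from the expected ID. The function and type names, and the sample template with its `example-old-ca` value, are constructed for illustration.

```typescript
// Added example: audit a synthesized CloudFormation template for DocDB
// instances that are not pinned to the expected RDS CA certificate.
type CfnResource = { Type: string; Properties?: { [key: string]: unknown } };
type CfnTemplate = { Resources?: { [logicalId: string]: CfnResource } };
interface Finding { logicalId: string; reason: string }

// Certificate ID taken from the PR description.
const EXPECTED_CA = 'rds-ca-rsa4096-g1';

function auditDocDbCaCertificates(template: CfnTemplate, expected: string = EXPECTED_CA): Finding[] {
  const findings: Finding[] = [];
  const resources = template.Resources || {};
  for (const logicalId of Object.keys(resources)) {
    const resource = resources[logicalId];
    if (!resource || resource.Type !== 'AWS::DocDB::DBInstance') {
      continue; // only DocDB instances carry this property
    }
    const value = (resource.Properties || {})['CACertificateIdentifier'];
    if (value === undefined) {
      // Unset means the service picks the certificate, so the pin is not enforced.
      findings.push({ logicalId, reason: 'CACertificateIdentifier not set' });
    } else if (typeof value !== 'string') {
      // An intrinsic such as {"Ref": ...} cannot be resolved from the template alone.
      findings.push({ logicalId, reason: 'CACertificateIdentifier is not a literal string' });
    } else if (value !== expected) {
      findings.push({ logicalId, reason: 'unexpected CA certificate: ' + value });
    }
  }
  return findings;
}

// Constructed sample template (hypothetical logical IDs and values).
const SAMPLE_TEMPLATE: CfnTemplate = {
  Resources: {
    InstanceGood: {
      Type: 'AWS::DocDB::DBInstance',
      Properties: { CACertificateIdentifier: 'rds-ca-rsa4096-g1', DBInstanceClass: 'db.r5.large' },
    },
    InstanceUnset: { Type: 'AWS::DocDB::DBInstance', Properties: { DBInstanceClass: 'db.r5.large' } },
    InstanceOther: { Type: 'AWS::DocDB::DBInstance', Properties: { CACertificateIdentifier: 'example-old-ca' } },
    InstanceParam: { Type: 'AWS::DocDB::DBInstance', Properties: { CACertificateIdentifier: { Ref: 'CaParam' } } },
    Cluster: { Type: 'AWS::DocDB::DBCluster', Properties: {} },
  },
};
```

Calling `auditDocDbCaCertificates(SAMPLE_TEMPLATE)` returns findings for InstanceUnset, InstanceOther and InstanceParam; an empty result means every DocDB instance in the template carries the expected certificate ID.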