Securing app DB connections with SSL/TLS in AWS

@kondlawork
1 min read · Aug 18, 2020

In this example, I will illustrate the steps to:

  1. Download the RDS SSL certificates
  2. Add them to the Java keystore
  3. Configure JDBC to use the SSL certificates
  4. Test whether a database client connection is in encrypted mode

Download the SSL certificates from the AWS site below

Next, download the MySQL and PostgreSQL JDBC drivers (we test both database connections) and stage them in a directory.

For example, the MySQL JDBC driver setup

Next, add the RDS certificate to the Java keystore

Next, test the connection. As of MySQL version 5.6, there isn't a table that stores client connection data to query. So, you need to write code that tests the connection yourself from the database's in-memory view.

Enforce SSL mode for connections on the database.

mysql> GRANT USAGE ON *.* TO 'skondla'@'%' REQUIRE SSL;

In the example below, I used a Java program to connect and test. Typically you would keep the JDBC configuration outside your code.

Compile and run the program

$ javac TestMySQLSSLConn.java

With SSL on

$ java TestMySQLSSLConn
Variable_name: Ssl_cipher
Value: AES128-SHA

With SSL off

$ java TestMySQLNOSSLConn
Variable_name: Ssl_cipher
Value:
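
A minimal version of the client-side check that produces output like the above, added here as an example and not the author's original program. It assumes MySQL Connector/J 8.0.13 or later on the classpath; the class name and the environment variable names for host, credentials and truststore are placeholders.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Properties;

// Added example; class name and environment variable names are placeholders.
public class VerifyMySQLTls {

    // Read a required setting from the environment so no secret lives in source.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException(name + " is not set");
        return v;
    }

    // Negotiated cipher for this session; empty string means the session is plaintext.
    static String sessionCipher(Connection conn) throws Exception {
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery("SHOW SESSION STATUS LIKE 'Ssl_cipher'")) {
            String v = rs.next() ? rs.getString(2) : null;
            return v == null ? "" : v;
        }
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        p.setProperty("user", env("DB_USER"));
        p.setProperty("password", env("DB_PASSWORD"));
        // Connector/J 8.0.13+ (assumed): encrypt, validate the chain against the
        // truststore holding the RDS CA, and check the hostname.
        // Older 5.1 drivers use useSSL/requireSSL/verifyServerCertificate instead.
        p.setProperty("sslMode", "VERIFY_IDENTITY");
        p.setProperty("trustCertificateKeyStoreUrl", "file:" + env("RDS_TRUSTSTORE"));
        p.setProperty("trustCertificateKeyStorePassword", env("RDS_TRUSTSTORE_PASSWORD"));

        String url = "jdbc:mysql://" + env("DB_HOST") + ":3306/mysql";
        try (Connection conn = DriverManager.getConnection(url, p)) {
            String cipher = sessionCipher(conn);
            System.out.println("Ssl_cipher: " + cipher);
            if (cipher.isEmpty()) {
                System.err.println("FAIL: session is not encrypted");
                System.exit(1);
            }
        }
    }
}
```

The non-zero exit on an empty cipher lets the same check run as a deployment gate rather than a manual inspection.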

Next, we download the PostgreSQL JDBC driver and test PostgreSQL database connections

Write a sample PostgreSQL database client Java program

Compile and run

$ javac TestPostgresSSLConn.java

Verify connection status on the backend database

Connections status


@kondlawork

I am a software engineering manager and cloud architect who designs, builds, deploys, scales, simplifies and cost-optimizes platform architecture.