Skip to content

Commit

Permalink
Add new RDS CA root/intermediate certs.
Browse files Browse the repository at this point in the history 
Only Router API uses this AFAICT. At some point we'll have to switch its
RDS instance to use the new CA and then it'll need the new roots.

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL
  • Loading branch information
@sengi
sengi committed Nov 8, 2023
1 parent 0bad15e commit 5d93888
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions base.Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,9 @@ ENV APP_HOME=/app \
TZ=Europe/London

# Amazon RDS cert bundle for connecting to managed databases over TLS.
# TODO: remove rds-combined-ca-bundle.pem once Router API is using global-bundle.pem.
ADD https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem /etc/ssl/certs/rds-combined-ca-bundle.pem
ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /etc/ssl/certs/rds-global-bundle.pem

# Wrap Ruby binaries in a script that sets up a TMPDIR that Ruby will accept.
# TODO: remove this when Ruby allows disabling its permissions checks on /tmp.
Expand Down

0 comments on commit 5d93888

Please sign in to comment.