To protect communications with RDS database instances, a Certificate Authority (CA) generates time-bound certificates that are checked by database client software to authenticate any RDS database instance(s) before exchanging information. As of September 19, 2019, Amazon RDS has published new Certificate Authority (CA) certificates for connecting to your RDS DB instances using SSL/TLS. This is part of AWS security best practice, for information about the new certificates and the supported AWS Regions, see Using SSL/TLS to Encrypt a Connection to a DB Instance. Doing this means we can avoid interruption of connectivity between applications and RDS DB instances. If the change is not completed, applications will fail to connect to your RDS DB instances using SSL/TLS after March 5, 2020.
Update POSTGRES RDS CA-Certificates to 2019 Version. This update will include slave instances as well.
2. Not scheduled yet - Update all RDS master and single instance
Approximately there will be a downtime around ~5 minutes for every RDS instances after we apply the updates. There will be no changes needed for our services because we use HTTP protocol when connect to RDS.
Supply Engineers: @aris.darmawan