
Use SSL for Amazon RDS / MySQL (and your Rails app)

Thomas Eisenbarth
October 04, 2011
Software engineer at makandra GmbH

In case you have sensitive data within your RDS instance, you want to use encrypted connections between your application and RDS instances. If you're using MySQL on RDS, here's what to do:

  1. Download the AWS CA file and copy it to the machine you want to connect from: http://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem
    As far as I could find out, you (currently) cannot access further details of the SSL configuration (such as public key).

  2. Try to connect using the MySQL client:

    % mysql -uyour_username -p -h rds_hostname_from_management_cockpit.eu-west-1.rds.amazonaws.com --ssl --ssl-ca=/path/to/mysql-ssl-ca-cert.pem

  3. Use this statement to check whether a secure connection is used:

    SHOW STATUS LIKE '%ssl_ciph%';

    It should return something like this:

    +-----------------+------------+
    | Variable_name   | Value      |
    +-----------------+------------+
    | Ssl_cipher      | AES256-SHA |
    | Ssl_cipher_list | AES256-SHA:AES128-SHA:DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5:RC4-MD5:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA |
    +-----------------+------------+

  4. To make your Rails application use SSL, modify config/database.yml and add this:

    sslca: /path/to/mysql-ssl-ca-cert.pem

  5. Ensure that only encrypted connections are accepted on the server side. To do so, run:

    GRANT USAGE ON *.* TO 'encrypted_user'@'%' REQUIRE SSL;
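
Steps 3 to 5 above can also be enforced from the application itself. The following is an added example, not code from this post or from makandra: a Ruby check that maps a database.yml entry carrying sslca to the symbol-keyed options the mysql2 adapter consumes, and refuses to proceed when SHOW STATUS reports an empty Ssl_cipher. The mysql2 client interface and the database.yml values are assumptions; FakeMysqlClient and DATABASE_YML are constructed stand-ins so the check runs offline.

```ruby
require 'yaml'

# Turn a database.yml entry into the symbol-keyed option hash the mysql2
# adapter consumes; the `sslca` key from step 4 is carried through as :sslca.
def mysql_options_from_database_yml(yaml_text, env)
  config = YAML.safe_load(yaml_text).fetch(env)
  opts = config.transform_keys(&:to_sym)
  opts.delete(:adapter) # the adapter name is not a connection option
  opts
end

# Return the negotiated cipher (e.g. "AES256-SHA"), or nil on a plaintext
# session: `SHOW STATUS LIKE 'Ssl_cipher'` reports an empty Value there.
def negotiated_ssl_cipher(client)
  row = client.query("SHOW STATUS LIKE 'Ssl_cipher'").first
  value = row && row['Value']
  value.nil? || value.empty? ? nil : value
end

# Fail fast if the connection is not encrypted; run once after connecting so a
# wrong sslca path surfaces at boot instead of silently sending data in the clear.
def verify_ssl!(client)
  cipher = negotiated_ssl_cipher(client)
  raise 'MySQL connection is not SSL-encrypted; check sslca in database.yml' unless cipher
  cipher
end

# Constructed stand-in for a mysql2 client so the check runs offline; the real
# client answers query(sql) with rows keyed by column name.
class FakeMysqlClient
  def initialize(cipher)
    @cipher = cipher
  end

  def query(sql)
    raise ArgumentError, "unexpected query: #{sql}" unless sql =~ /Ssl_cipher/i
    [{ 'Variable_name' => 'Ssl_cipher', 'Value' => @cipher }]
  end
end

# Constructed database.yml fragment mirroring step 4 of the post.
DATABASE_YML = <<~YAML
  production:
    adapter: mysql2
    host: rds_hostname_from_management_cockpit.eu-west-1.rds.amazonaws.com
    username: encrypted_user
    sslca: /path/to/mysql-ssl-ca-cert.pem
YAML

puts verify_ssl!(FakeMysqlClient.new('AES256-SHA')) # prints AES256-SHA
```

In a real application, pass the live mysql2 client (or the Active Record raw connection) to verify_ssl! once after connecting; the server-side REQUIRE SSL in step 5 remains the authoritative control.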

Posted by Thomas Eisenbarth to makandra dev (2011-10-04 16:47)