Hello Team!
We hope you are well.
We understand that the Redshift External Schema connection fails after updating the RDS certificate authority to 'rds-ca-ecc384-g1'. This is caused by a failed SSL handshake between Redshift and RDS. This error is related to the recently updated CA: rds-ca-ecc384-g1, as Aurora Postgres DOES NOT support ECDHE-ECDSA ciphers which are required for ECC-based certificates, i.e. Redshift External Schema connections.
You can refer to the following documentation for more information: [+] https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Security.html#AuroraPostgreSQL.Security.SSL
Internally, we are working on adding support for this in a future release.
To remediate this issue temporarily, we suggest you consider switching to a different certificate such as "rds-ca-rsa4096-g1" or "rds-ca-rsa2048-g1" and reboot the RDS cluster. Once the instances are rebooted, reattempt connections through Redshift federated query.
[+] Using SSL/TLS to encrypt a connection to a DB cluster - Certificate authorities - https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.RegionCertificateAuthorities
If the issue persists after changing to a different certificate, please raise a Support Case with the AWS team with the timestamp of the error, Redshift logs, as well as the exact error message received when attempting federated query connections through Redshift.
If a support case has already been created, please be assured that we will get back to you and assist you in the best way possible. [+] Creating support cases and case management - https://docs.aws.amazon.com/awssupport/latest/user/case-management.html
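The check and remediation described in the answer above, as an added example that is not part of the original answer or AWS's own tooling: it reads the JSON produced by `aws rds describe-db-instances`, lists instances still on the ECC CA, and builds (without running) the CLI commands to move them to an RSA CA. The instance identifiers and the sample JSON are constructed; the function names are hypothetical.

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output
# (identifiers are made up; only the fields used below are included).
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-mysql", "Engine": "mysql",
   "CACertificateIdentifier": "rds-ca-ecc384-g1"},
  {"DBInstanceIdentifier": "billing-pg", "Engine": "aurora-postgresql",
   "CACertificateIdentifier": "rds-ca-rsa2048-g1"},
  {"DBInstanceIdentifier": "legacy-pg", "Engine": "postgres",
   "CACertificateIdentifier": "rds-ca-ecc384-g1"}
]}
""")

ECC_CAS = {"rds-ca-ecc384-g1"}  # CA named in the answer as failing
RSA_TARGETS = ("rds-ca-rsa2048-g1", "rds-ca-rsa4096-g1")  # suggested replacements


def instances_on_ecc_ca(describe_output):
    """Return (identifier, engine) for each instance still on an ECC CA."""
    return [
        (db["DBInstanceIdentifier"], db.get("Engine", "unknown"))
        for db in describe_output.get("DBInstances", [])
        if db.get("CACertificateIdentifier") in ECC_CAS
    ]


def remediation_commands(describe_output, target_ca=RSA_TARGETS[0]):
    """Build the CLI commands to switch CA and reboot; nothing is executed."""
    if target_ca not in RSA_TARGETS:
        raise ValueError(f"unexpected target CA: {target_ca}")
    cmds = []
    for ident, _engine in instances_on_ecc_ca(describe_output):
        q = shlex.quote(ident)
        cmds.append(f"aws rds modify-db-instance --db-instance-identifier {q} "
                    f"--ca-certificate-identifier {target_ca} --apply-immediately")
        # Run the reboot only once the instance status is back to "available".
        cmds.append(f"aws rds reboot-db-instance --db-instance-identifier {q}")
    return cmds


if __name__ == "__main__":
    for line in remediation_commands(SAMPLE):
        print(line)
```

To use it on a real account, replace `SAMPLE` with the parsed output of `aws rds describe-db-instances` and review the printed commands before running them.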
Thanks for the response! Just for clarity, the RDS database is not an Aurora Postgres instance. It is a MySQL RDS database. I'm assuming it's still the same issue though. Thanks!