Enable SSL in RDS Requests by Datadog

[joyliu-q]

Right now, Datadog is connecting to the database with no encryption of the password.

FATAL: no pg_hba.conf entry for host "[IP_ADDRESS]", user "datadog", database "postgres", no encryption

Because RDS configuration of postgres 15 by default requires SSL, Datadog's connection requests would be rejected and it will keep trying to connect, spamming the database.

We currently disabled this SSL requirement but need to fix it long-term by enabling SSL in RDS requests made by Datadog.

Method

When renewing certificate for RDS, we may need to export the public key from database, add the ca certificate to Datadog.

[esinx]

In future, we may want to add ?sslmode=require in the client URI to make sure that SSL compatible clients use SSL to connect to the RDS instance. Postgres won't tell you what went wrong with the client's attempt to connect, we just have to make sure that we are using SSL.