Amazon Relational Database Service

User Guide (API Version 2014-10-31)

What Is Amazon RDS?
Setting Up
Getting Started
- Creating an Aurora DB Instance on an Aurora Cluster and Connecting to a Database
- Creating a MariaDB DB Instance and Connecting to a Database
- Creating a Microsoft SQL Server DB Instance and Connecting to a DB Instance
- Creating a MySQL DB Instance and Connecting to a Database
- Creating an Oracle DB Instance and Connecting to a Database
- Creating a PostgreSQL DB Instance and Connecting to a Database
- Tutorial: Create a Web Server and an Amazon RDS Database
  - Step 1: Create a DB Instance
  - Step 2: Create a Web Server
Tutorials
Best Practices
DB Instances
- DB Instance Class
- DB Instance Status
- DB Instance Storage
- Regions and Availability Zones
- High Availability (Multi-AZ)
- DB Instance Lifecycle
- Tagging RDS Resources
- Working with Read Replicas
- Working with Option Groups
- Working with DB Parameter Groups
- Working with ARNs
- Working with Reserved DB Instances
- Working with Storage
Backing Up and Restoring
- Working With Backups
- Creating a DB Snapshot
- Restoring from a DB Snapshot
- Copying a Snapshot
  - Copying a DB Snapshot
  - Copying a DB Cluster Snapshot
- Sharing a Snapshot
- Point-in-Time Recovery
- Tutorial: Restore a DB Instance from a DB Snapshot
Monitoring
- Enhanced Monitoring
- Performance Insights
  - Access Control for Performance Insights
  - Frequently Asked Questions
- Using Amazon RDS Event Notification
- Viewing Amazon RDS Events
- Database Log Files
- Logging Amazon RDS API Calls Using AWS CloudTrail
Security
- Authentication and Access Control
- Encrypting Amazon RDS Resources
- Using SSL to Encrypt a Connection
- IAM Database Authentication for MySQL and Aurora
- Amazon RDS Security Groups
- Working with DB Security Groups (EC2-Classic Platform)
- Master User Account Privileges
- Using Service-Linked Roles
- Using Amazon RDS with Amazon VPC
Amazon Aurora
- Overview of Amazon Aurora
- Creating a DB Cluster
  - Creating a VPC for Aurora
- Connecting to a DB Cluster
- Viewing a DB Cluster
- Migrating Data to a DB Cluster
- Managing a DB Cluster
- Monitoring a DB Cluster
- Replication with Aurora
- Cloning Databases in an Aurora DB Cluster
- Integrating with AWS Services
- Working with Aurora MySQL
- Working with Aurora PostgreSQL
- Best Practices with Aurora
- Aurora Updates
MariaDB on Amazon RDS
- Creating a DB Instance Running MariaDB
- Connecting to a DB Instance Running MariaDB
- Modifying a DB Instance Running MariaDB
- Upgrading the MariaDB DB Engine
- Migrating Data from a MySQL DB Snapshot to a MariaDB DB Instance
- Importing Data into a MariaDB DB Instance
- Options for MariaDB
- Parameters for MariaDB
- MariaDB on Amazon RDS SQL Reference
  - mysql.rds_set_external_master_gtid
  - mysql.rds_kill_query_id
Microsoft SQL Server on Amazon RDS
- Licensing SQL Server on Amazon RDS
- Creating a DB Instance Running SQL Server
- Connecting to a DB Instance Running SQL Server
- Modifying a DB Instance Running SQL Server
- Upgrading the SQL Server DB Engine
- Importing and Exporting SQL Server Databases
  - Importing and Exporting SQL Server Data Using Other Methods
- Multi-AZ Deployments for SQL Server with Database Mirroring
- Using SSL with a SQL Server DB Instance
- Options for SQL Server
  - Native Backup and Restore
  - Transparent Data Encryption
- Common DBA Tasks for SQL Server
- Advanced Administrative Tasks and Concepts for SQL Server
  - Using Windows Authentication with a SQL Server DB Instance
MySQL on Amazon RDS
- Creating a DB Instance Running MySQL
- Connecting to a DB Instance Running MySQL
- Modifying a DB Instance Running MySQL
- Upgrading the MySQL DB Engine
- Upgrading a MySQL DB Snapshot
- Importing Data into a MySQL DB Instance
- Exporting Data From a MySQL DB Instance
- Options for MySQL
  - MariaDB Audit Plugin
  - MEMCACHED
- Common DBA Tasks for MySQL
- Known Issues and Limitations
- MySQL on Amazon RDS SQL Reference
Oracle on Amazon RDS
- Creating a DB Instance Running Oracle
- Connecting to a DB Instance Running Oracle
- Modifying a DB Instance Running Oracle
- Upgrading the Oracle DB Engine
- Upgrading an Oracle DB Snapshot
- Importing Data into Oracle on Amazon RDS
- Oracle Character Sets
- Options for Oracle
- Common DBA Tasks for Oracle
- Tools and Third-Party Software for Oracle
- Oracle Database Engine Release Notes
  - Database Engine: 12.1.0.2
  - Database Engine: 11.2.0.4
PostgreSQL on Amazon RDS
- Creating a DB Instance Running PostgreSQL
- Connecting to a DB Instance Running the PostgreSQL Database Engine
- Modifying a DB Instance Running PostgreSQL
- Upgrading the PostgreSQL DB Engine
- Importing Data into PostgreSQL on Amazon RDS
- Common DBA Tasks for PostgreSQL
Limits
Troubleshooting
Amazon RDS API
- Using the Query API
- Troubleshooting Applications
Document History

Using SSL to Encrypt a Connection to a DB Instance

You can use SSL from your application to encrypt a connection to a DB instance running MySQL, MariaDB, Amazon Aurora, SQL Server, Oracle, or PostgreSQL. Each DB engine has its own process for implementing SSL. To learn how to implement SSL for your DB instance, use the link following that corresponds to your DB engine:

A root certificate that works for all regions can be downloaded at https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem. It is the trusted root entity and should work in most cases but might fail if your application doesn't accept certificate chains. If your application doesn't accept certificate chains, download the AWS Region–specific certificate from the list of intermediate certificates found later in this section.

Note

All certificates are only available for download using SSL connections.

A certificate bundle that contains both the old and new root certificates can be downloaded at https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem .

If your application is on the Microsoft Windows platform and requires a PKCS7 file, you can download the PKCS7 certificate bundle that contains both the old and new certificates at https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.p7b .

Intermediate Certificates

You might need to use an intermediate certificate to connect to your region. For example, you must use an intermediate certificate to connect to the AWS GovCloud (US) region using SSL. If you need an intermediate certificate for a particular AWS Region, download the certificate from the following list:

Asia Pacific (Mumbai)

Asia Pacific (Tokyo)

Asia Pacific (Seoul)

Asia Pacific (Osaka-Local)

Asia Pacific (Singapore)

Asia Pacific (Sydney)

Canada (Central)

China (Beijing)

China (Ningxia)

South America (São Paulo)

US East (N. Virginia)

US West (N. California)

US West (Oregon)

AWS GovCloud (US) (CA-2017)

AWS GovCloud (US) (CA-2012)

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

On this page:

Intermediate Certificates