A company security policy mandates that all connections to databases must be encrypted.
How can DBA enforce that all client connections to an Amazon Aurora PostgreSQL DB cluster are encrypted?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A.
Option A is CORRECT because the rds.force_ssl parameter must be set to 1 to require client connection to RDS databases to be encrypted.
Option B is incorrect because -ssl_mode option is used by the MySQL client when establishing a connection to a server.
Option C is incorrect because encrypt option is used by client applications to set connection encryption mode when connecting to a SQL Server database.
Option D is incorrect because ALTER USER SQL command can be used to require SSL for a specific user, not all clients.
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Security.html#AuroraPostgreSQL.Security.SSLThe correct answer is A. Set rds.force_ssl parameter to 1.
Explanation: Amazon Aurora PostgreSQL DB cluster supports SSL/TLS encryption for connections. In order to enforce that all client connections are encrypted, the rds.force_ssl parameter needs to be set to 1.
Option B, Set -ssl-mode to REQUIRED, is not applicable for Aurora PostgreSQL as it is a MySQL command.
Option C, Set encrypt parameter to true, is also not applicable for Aurora PostgreSQL as there is no such parameter available for this engine.
Option D, Execute ALTER USER SQL command with REQUIRE SSL option, is applicable for PostgreSQL but not for Aurora PostgreSQL.
Therefore, the correct answer is A. Set rds.force_ssl parameter to 1. This parameter can be set in the Parameter Group settings for the Aurora PostgreSQL cluster, or through the AWS CLI or SDK. When this parameter is set to 1, all client connections will be required to use SSL/TLS encryption, ensuring compliance with the company's security policy.