AWS Security ChangesHomeSearch

AWS AmazonRDS medium security documentation change

Service: AmazonRDS · 2025-02-27 · Security-related medium

File: AmazonRDS/latest/UserGuide/custom-troubleshooting-sqlserver.md

Summary

Added new section about SSL certificate issues in RDS Custom DB instances, including a PowerShell command to identify non self-signed certificates

Security assessment

The change addresses SSL certificate configuration issues that could lead to security vulnerabilities by identifying and removing non self-signed certificates from the trusted root certificate store.

Diff

diff --git a/AmazonRDS/latest/UserGuide/custom-troubleshooting-sqlserver.md
index 078247f27..e563c7a69 100644
--- a/AmazonRDS/latest/UserGuide/custom-troubleshooting-sqlserver.md
+++ b/AmazonRDS/latest/UserGuide/custom-troubleshooting-sqlserver.md
@@ -288,0 +289,7 @@ If the agent can't start, check the Windows Events to see why it can't start. Th
+`SP-2009` | SSL Certificate |  **`The RDS Custom DB instance is set to [Unsupported configuration] because of: Non self-signed SSL certificate(s) causing disruption in RDS. To resolve this issue, remove the non self-signed certificate(s) from the trusted root certificate store.`** |  Run the following PowerShell command to review non self-signed certificate(s).
+    
+    
+    Get-ChildItem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject -and $_.Issuer -notlike "*RDSCustomAgentCA*"}
+
+For more information, see [ HTTP Error 403.16 when you try to access a website that's hosted on IIS](https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/iis/site-behavior-performance/http-403-forbidden-access-website).  
+