Adding the SSL option - Amazon Relational Database Service

Adding the SSL option

To use SSL, your RDS for Oracle DB instance must be associated with an option group that includes the SSL option.

To add the SSL option to an option group

  1. Create a new option group or identify an existing option group to which you can add the SSL option.

    For information about creating an option group, see Creating an option group.

  2. Add the SSL option to the option group.

    If you want to use only FIPS-verified cipher suites for SSL connections, set the option FIPS.SSLFIPS_140 to TRUE. For information about the FIPS standard, see FIPS support.

    For information about adding an option to an option group, see Adding an option to an option group.

  3. Create a new RDS for Oracle DB instance and associate the option group with it, or modify an RDS for Oracle DB instance to associate the option group with it.

    For information about creating an DB instance, see Creating an Amazon RDS DB instance.

    For information about modifying an DB instance, see Modifying an Amazon RDS DB instance.

To add the SSL option to an option group

  1. Create a new option group or identify an existing option group to which you can add the SSL option.

    For information about creating an option group, see Creating an option group.

  2. Add the SSL option to the option group.

    Specify the following option settings:

    • Port – The SSL port number

    • VpcSecurityGroupMemberships – The VPC security group for which the option is enabled

    • SQLNET.SSL_VERSION – The TLS version that client can use to connect to the DB instance

    For example, the following AWS CLI command adds the SSL option to an option group named ora-option-group.

    Example

    For Linux, macOS, or Unix:

    aws rds add-option-to-option-group --option-group-name ora-option-group \
  --options 'OptionName=SSL,Port=2484,VpcSecurityGroupMemberships="sg-68184619",OptionSettings=[{Name=SQLNET.SSL_VERSION,Value=1.0}]'

    For Windows:

    aws rds add-option-to-option-group --option-group-name ora-option-group ^
  --options 'OptionName=SSL,Port=2484,VpcSecurityGroupMemberships="sg-68184619",OptionSettings=[{Name=SQLNET.SSL_VERSION,Value=1.0}]'

  3. Create a new RDS for Oracle DB instance and associate the option group with it, or modify an RDS for Oracle DB instance to associate the option group with it.

    For information about creating an DB instance, see Creating an Amazon RDS DB instance.

    For information about modifying an DB instance, see Modifying an Amazon RDS DB instance.