Requiring SSL/TLS for all connections to a MariaDB DB instance on Amazon RDS

Use the require_secure_transport parameter to require that all user connections to your MariaDB DB instance use SSL/TLS. By default, the require_secure_transport parameter is set to OFF. You can set the require_secure_transport parameter to ON to require SSL/TLS for connections to your DB instance.

Note

The require_secure_transport parameter is only supported for MariaDB version 10.5 and higher.

You can set the require_secure_transport parameter value by updating the DB parameter group for your DB instance. You don't need to reboot your DB instance for the change to take effect.

When the require_secure_transport parameter is set to ON for a DB instance, a database client can connect to it if it can establish an encrypted connection. Otherwise, an error message similar to the following is returned to the client:


ERROR 1045 (28000): Access denied for user 'USER'@'localhost' (using password: YES | NO)

For information about setting parameters, see Modifying parameters in a DB parameter group in Amazon RDS.

For more information about the require_secure_transport parameter, see the MariaDB documentation.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Requiring SSL/TLS for users

Connecting with SSL/TLS from CLI