You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/pages/[platform]/build-a-backend/data/connect-to-existing-data-sources/connect-postgres-mysql-database/index.mdx
+16-8Lines changed: 16 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -40,14 +40,6 @@ You must create a connection string using the following database information to
40
40
- Database **user password**
41
41
- Database **name**
42
42
43
-
<Calloutinfo>
44
-
45
-
**Only databases with certificates from well-known certificate providers are supported.** Support for databases using custom or self-signed SSL certificates is under active development.
46
-
47
-
Amplify's MySQL and PostgreSQL feature builds on top of [AWS Lambda](https://aws.amazon.com/lambda) with a Node.js runtime. By default, Node.js includes root certificate authority (CA) certificates from [well-known certificate providers](https://github.com/nodejs/node/issues/4175). Lambda Node.js runtimes up to Node.js 18 augments these certificates with Amazon-specific CA certificates, making it easier to create functions accessing other AWS services.
48
-
49
-
</Callout>
50
-
51
43
## Step 1 - Set secrets for database connection
52
44
53
45
First, provide all the database connection information as secrets, you can use the Amplify sandbox's secret functionality to set them or go to the Amplify console to set secrets in a shared environment:
@@ -123,6 +115,22 @@ However, there is a tradeoff of increased latency - queries may take slightly lo
123
115
124
116
</Accordion>
125
117
118
+
<Accordiontitle="Connecting to a database with a custom SSL certificate">
119
+
120
+
Amplify creates an [AWS Lambda](https://aws.amazon.com/lambda) function using a Node.js runtime to connect your AppSync API to your SQL database. The Lambda function connects to the database using Secure Socket Layer (SSL) or Transport Layer Security (TLS) to protect data in transit. Amplify automatically uses the correct root certificate authority (CA) certificates for Amazon RDS databases, and the Node.js runtime includes root CAs from [well-known certificate providers](https://github.com/nodejs/node/issues/4175) to connect to non-RDS databases.
121
+
122
+
However, if your database uses a custom or self-signed SSL certificate, you can upload the PEM-encoded public CA certificate of 4 KB or less to your Amplify project as a secret when you generate the database configuration, and specify that secret when generating the schema from your database:
123
+
124
+
```bash title="Terminal" showLineNumbers={false}
125
+
npx ampx sandbox secret set CUSTOM_SSL_CERT < /path/to/custom/ssl/public-ca-cert.pem
The Lambda function will then use the specified root CA to validate connections to the database.
130
+
131
+
When deploying your app to production, you need to [add the PEM-encoded public CA certificate as a secret](/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/#set-secrets). Make sure to add the certificate with the same secret name you used in the sandbox environment. For example, we used `CUSTOM_SSL_CERT` above. Make sure to preserve the newlines and the `------BEGIN CERTIFICATE------` and `------END CERTIFICATE------` delimiters in the value. Finally, make sure the size of the entire value does not exceed 4KB.
132
+
133
+
</Accordion>
126
134
127
135
This creates a new **schema.sql.ts** with a schema reflecting the types of your database. **Do not edit the schema.sql.ts file directly**. Import the schema to your **amplify/data/resource.ts** file and apply any additive changes there. This ensures that you can continuously regenerate the TypeScript schema representation of your SQL database without losing any additive changes that you apply out-of-band.
0 commit comments