Description
macOS 15.7.2 Sequoia
Apple M1
The Aurora DSQL power will fail due to "power-aurora-dsql-aurora-dsql" / "awslabs.aurora-dsql-mcp-server@latest" failing with SSL cert errors:
2025-12-04 11:13:53.057 [warning] [power-aurora-dsql-aurora-dsql] Log from MCP Server: 2025-12-04 11:13:53.057 | INFO | awslabs.aurora_dsql_mcp_server.server:get_connection:484 - Creating new connection to .dsql.us-east-2.on.aws as user admin
2025-12-04 11:13:53.376 [warning] [power-aurora-dsql-aurora-dsql] Log from MCP Server: 2025-12-04 11:13:53.376 | ERROR | awslabs.aurora_dsql_mcp_server.server:get_connection:491 - Failed to create connection due to error : connection failed: connection to server at "#.#.#.#", port 5432 failed: SSL error: certificate verify failed
2025-12-04 11:13:53.376 [warning] [power-aurora-dsql-aurora-dsql] Log from MCP Server: 2025-12-04 11:13:53.376 | ERROR | awslabs.aurora_dsql_mcp_server.server:main:648 - Failed to create and validate db connection to Aurora DSQL. Exit the MCP server. error: connection failed: connection to server at "#.#.#.#", port 5432 failed: SSL error: certificate verify failed
We add SSL certificate guidance to the steering files to enable new users of AWS and AWS databases that have not gone through the SSL certificate installation process:
https://docs.aws.amazon.com/aurora-dsql/latest/userguide/configure-root-certificates.html
Additional data:
The only way I can connect to DSQL on my Mac (libpq/psql v18) is using these options after manually installing Amazon Root CA 1 locally (pre-installed in system does not work):
PGSSLROOTCERT=/path/to/AmazonRootCA1.pem uvx awslabs.aurora-dsql-mcp-server ...
So it seems like the mcp.json or the steering docs could call this out as well:
- download the certificate per https://docs.aws.amazon.com/aurora-dsql/latest/userguide/configure-root-certificates.html
- if on macOS suggest this in the mcp.json
    "env": {
      "FASTMCP_LOG_LEVEL": "ERROR",
      "PGSSLROOTCERT": "/path/to/AmazonRootCA1.pem"
    },
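
A preflight check for the mcp.json change proposed above, as an added example that is not part of the original issue or of the awslabs project: it reports a missing or unusable PGSSLROOTCERT before the server starts, and flags a PGSSLMODE downgrade used in place of the CA fix. The `mcpServers` layout, the function name and the sample config are assumptions; PGSSLMODE is a standard libpq variable that the page does not mention.

```python
import json
import os
import ssl

# libpq sslmode values that do not mandate certificate verification
WEAK_SSLMODES = {"disable", "allow", "prefer", "require"}

def check_mcp_config(config_text, package="awslabs.aurora-dsql-mcp-server"):
    """Return findings for Aurora DSQL MCP server entries in an mcp.json document."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})  # assumed top-level key
    for name, entry in servers.items():
        if not any(package in str(arg) for arg in entry.get("args", [])):
            continue  # some other MCP server, not checked here
        env = entry.get("env", {})
        mode = env.get("PGSSLMODE")
        if mode in WEAK_SSLMODES:
            findings.append(f"{name}: PGSSLMODE={mode} does not mandate certificate verification")
        ca_path = env.get("PGSSLROOTCERT")
        if not ca_path:
            findings.append(f"{name}: PGSSLROOTCERT not set")
        elif not os.path.isfile(ca_path):
            findings.append(f"{name}: PGSSLROOTCERT file not found: {ca_path}")
        else:
            try:
                # Load the bundle the same way a TLS client would, without connecting.
                ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
                ctx.load_verify_locations(cafile=ca_path)
                if not ctx.get_ca_certs():
                    findings.append(f"{name}: no CA certificates in {ca_path}")
            except OSError:  # ssl.SSLError is a subclass of OSError
                findings.append(f"{name}: PGSSLROOTCERT is not a usable PEM bundle: {ca_path}")
    return findings

# Constructed sample: the server entry from the issue without PGSSLROOTCERT.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "power-aurora-dsql-aurora-dsql": {
            "command": "uvx",
            "args": ["awslabs.aurora-dsql-mcp-server@latest"],
            "env": {"FASTMCP_LOG_LEVEL": "ERROR"},
        }
    }
})

if __name__ == "__main__":
    for finding in check_mcp_config(SAMPLE_CONFIG):
        print(finding)
```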