Revert to using aws-ssl-profiles for AWS RDS SSL handling

Marfuen · Marfuen · commit 475db5c6e22a · 2025-07-21T14:58:18.000-04:00
diff --git a/apps/web/bun.lock b/apps/web/bun.lock
diff --git a/apps/web/package.json b/apps/web/package.json
@@ -20,6 +20,7 @@
   },
   "dependencies": {
     "@t3-oss/env-nextjs": "^0.13.8",
+    "aws-ssl-profiles": "^1.1.2",
     "axios": "^1.10.0",
     "dotenv": "^17.1.0",
     "drizzle-orm": "^0.44.2",
diff --git a/apps/web/src/db/index.ts b/apps/web/src/db/index.ts
@@ -1,3 +1,4 @@
+import awsCaBundle from "aws-ssl-profiles";
 import { drizzle } from "drizzle-orm/node-postgres";
 import { Pool } from "pg";
 import { env } from "../env";
@@ -6,14 +7,8 @@ import * as schema from "./schema";
 // Create a connection pool using validated environment variables
 const pool = new Pool({
   connectionString: env.DATABASE_URL,
-  // For AWS RDS, we need to handle SSL differently in different environments
-  ssl:
-    process.env.NODE_ENV === "production"
-      ? {
-          rejectUnauthorized: false, // AWS RDS uses self-signed certificates
-          require: true, // But we still require SSL
-        }
-      : false,
+  // Use AWS CA bundle for SSL verification
+  ssl: awsCaBundle,
 });
 
 // Create the database instance
