Enhance AWS RDS SSL configuration for database connections

Marfuen · Marfuen · commit 85d7983ca6df · 2025-07-21T15:08:39.000-04:00
- Update buildspec.yml to set PGSSLMODE and NODE_TLS_REJECT_UNAUTHORIZED for SSL handling
- Modify drizzle.config.ts to include SSL options directly in dbCredentials
- Remove aws-ssl-profiles dependency and adjust db connection settings to disable certificate verification while maintaining SSL encryption
diff --git a/apps/web/buildspec.yml b/apps/web/buildspec.yml
@@ -17,6 +17,14 @@ phases:
       - echo "DATABASE_URL length:" ${#DATABASE_URL}
       - echo "DATABASE_URL (masked):" $(echo "$DATABASE_URL" | sed 's/:[^@]*@/:***@/')
       - echo "NODE_ENV:" $NODE_ENV
+
+      # === FIX FOR AWS RDS SSL CERTIFICATE ===
+      # AWS RDS uses self-signed certificates, we need to configure SSL properly
+      - export PGSSLMODE=require
+      - export NODE_TLS_REJECT_UNAUTHORIZED=0
+      - echo "PGSSLMODE set to:" $PGSSLMODE
+      - echo "NODE_TLS_REJECT_UNAUTHORIZED set to:" $NODE_TLS_REJECT_UNAUTHORIZED
+
       - cd apps/web
 
       - echo "=== INSTALLING DEPENDENCIES ==="
diff --git a/apps/web/drizzle.config.ts b/apps/web/drizzle.config.ts
@@ -6,14 +6,10 @@ export default defineConfig({
   out: "./src/db/migrations",
   dbCredentials: {
     url: process.env.DATABASE_URL!,
+    ssl: {
+      rejectUnauthorized: false,
+    },
   },
   verbose: true,
   strict: true,
-  driverOptions: {
-    connection: {
-      ssl: {
-        rejectUnauthorized: false,
-      },
-    },
-  },
 });
diff --git a/apps/web/package.json b/apps/web/package.json
@@ -20,7 +20,6 @@
   },
   "dependencies": {
     "@t3-oss/env-nextjs": "^0.13.8",
-    "aws-ssl-profiles": "^1.1.2",
     "axios": "^1.10.0",
     "dotenv": "^17.1.0",
     "drizzle-orm": "^0.44.2",
@@ -41,6 +40,7 @@
     "drizzle-kit": "^0.31.4",
     "eslint": "^9",
     "eslint-config-next": "15.3.5",
+    "postcss": "^8.4.39",
     "tailwindcss": "^4",
     "typescript": "^5"
   }
diff --git a/apps/web/src/db/index.ts b/apps/web/src/db/index.ts
@@ -1,4 +1,3 @@
-import awsCaBundle from "aws-ssl-profiles";
 import { drizzle } from "drizzle-orm/node-postgres";
 import { Pool } from "pg";
 import { env } from "../env";
@@ -7,8 +6,11 @@ import * as schema from "./schema";
 // Create a connection pool using validated environment variables
 const pool = new Pool({
   connectionString: env.DATABASE_URL,
-  // Use AWS CA bundle for SSL verification
-  ssl: awsCaBundle,
+  // AWS RDS uses self-signed certificates
+  // We need to disable certificate verification but keep SSL encryption
+  ssl: {
+    rejectUnauthorized: false,
+  },
 });
 
 // Create the database instance
