What should a SysOps administrator do to meet this requirement?
Allow SSL connections to the database by using an inbound security group rule.
Encrypt the database by using an AWS Key Management Service (AWS KMS) encryption key.
Enforce SSL connections to the database by using a custom parameter group.
Patch the database with SSL/TLS by using a custom PostgreSQL extension.
Explanations:
Allowing SSL connections via an inbound security group rule is not a valid approach. Security groups are used for controlling network access and do not configure encryption settings for database connections.
Encrypting the database using AWS Key Management Service (KMS) would encrypt data at rest, but it does not enforce encrypted connections (SSL/TLS) for communication between clients and the database.
Enforcing SSL connections to the PostgreSQL DB instance is done by modifying the DB instance’s parameter group, specifically the rds.force_ssl parameter, to enforce SSL encryption for all connections.
Patching the database with a custom PostgreSQL extension is not required or relevant for enabling SSL/TLS encryption for connections to an Amazon RDS for PostgreSQL instance. The SSL/TLS configuration is managed via RDS parameters, not custom extensions.