What should the Database Specialist do to correct the Data Analysts’ inability to connect?

By:
In: DBS-C01
Tagged:
With: 1 Comment
A company is deploying a solution in Amazon Aurora by migrating from an on-premises system.The IT department has established an AWS Direct Connect link from the company’s data center.The company’s Database Specialist has selected the option to require SSL/TLS for connectivity to prevent plaintext data from being set over the network.The migration appears to be working successfully, and the data can be queried from a desktop machine.Two Data Analysts have been asked to query and validate the data in the new Aurora DB cluster.Both Analysts are unable to connect to Aurora.Their user names and passwords have been verified as valid and the Database Specialist can connect to the DB cluster using their accounts.The Database Specialist also verified that the security group configuration allows network from all corporate IP addresses.

What should the Database Specialist do to correct the Data Analysts’ inability to connect?

Restart the DB cluster to apply the SSL change.

Instruct the Data Analysts to download the root certificate and use the SSL certificate on the connection string to connect.

Add explicit mappings between the Data Analysts’ IP addresses and the instance in the security group assigned to the DB cluster.

Modify the Data Analysts’ local client firewall to allow network traffic to AWS.

Explanations:

Restarting the DB cluster is not required for SSL/TLS to take effect. SSL/TLS settings are applied when the client connects, not when the DB cluster restarts.

SSL/TLS requires the use of the root certificate to establish a secure connection. The Data Analysts need to download the root certificate and specify it in the connection string to successfully connect using SSL.

The security group configuration already allows network traffic from all corporate IP addresses, so adding explicit mappings for the Data Analysts’ IPs is unnecessary.

The issue is not with the Data Analysts’ local firewall but with SSL/TLS configuration for secure connectivity. The firewall is not blocking the network traffic but likely not using the required SSL certificates.

2025-10-03

1 Comment

  1. Roger
    Author

    In my opinion, the answer is:
    Instruct the Data Analysts to download the root certificate and use the SSL certificate on the connection string to connect.

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − eleven =