IT disaster recovery, cloud computing and information security news

Amazon AWS warns certain users to update certificates or face lost connectivity

Amazon AWS has told users of Amazon Aurora, Amazon Relational Database Service (RDS), or Amazon DocumentDB (with MongoDB compatibility) that are taking advantage of SSL/TLS certificate validation when connecting to database instances that it is necessary to ‘download and install a fresh certificate , rotate the certificate authority (CA) for the instances, and then reboot the instances’.

The action is required because SSL/TLS certificates for RDS, Aurora, and Amazon DocumentDB expire and are replaced every five years as part of Amazon AWS’s standard maintenance and security discipline.

The deadline date for refreshing SSL/TLS certificate for these services is March 5, 2020 when the CA-2015 certificates will expire. Amazon AWS says that applications that use certificate validation but have not updated their certificates will lose connectivity after this date.

Kevin Bocek, VP security strategy and threat intelligence, Venafi commented:

“In the cloud, the difference between you, another business or an attacker can be just a TLS certificate that acts as a machine identity.

“Unfortunately, even businesses that have cloud first initiatives are not prepared to tackle the challenges of managing and protecting machine identities. This is becoming a major problem because many organisations use multiple clouds to conduct business, which can involve hundreds, or even thousands, of machine identities. 

“Amazon AWS is urgently notifying customers of some of their most popular database services that they’re responsible for changing out some of their machine identities or face being locked out. This is just one more reason why it’s not optional for businesses to have complete visibility over all the machine identities they use and the automation to change them out fast. This is the only way to make sure the business can protect themselves in and out of the cloud.”

More details.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.