RDS certificate renewal to rds-ca-rsa4096-g1 version

The current CA will expire on June 1, 2022. Starting January 7, 2022 and before June 1, 2022 you will need to first add new CA certificates to the trust stores in your client applications and then update the certificates on your database instances to the latest issued rds-ca-rsa4096-g1 version.

base/customer_portal/rds.tf

@@ -20,7 +20,7 @@ resource "aws_db_instance" "postgres" {
   db_subnet_group_name        = aws_db_subnet_group.customer_portal_rds_subnets.name
   backup_window               = "03:00-06:00"
   backup_retention_period     = 7
-  ca_cert_identifier          = "rds-ca-2017"
+  ca_cert_identifier          = "rds-ca-rsa4096-g1"
   deletion_protection         = var.environment == "test" ? "false" : "true"
   delete_automated_backups    = "true"
   engine                      = "postgres"

base/jira/rds_jira/main.tf

@@ -4,7 +4,7 @@ data "aws_rds_certificate" "latest" {
 
 locals {
   # GovCloud and Commercial use different CA certs
-  ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-2017"
+  ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-rsa4096-g1"
 }
 
 output "ca_cert_identifier" {

base/rhsso/rds.tf

@@ -4,7 +4,7 @@ data "aws_rds_certificate" "latest" {
 
 locals {
   # GovCloud and Commercial use different CA certs
-  ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-2017"
+  ca_cert_identifier = var.aws_partition == "aws" ? "rds-ca-2019" : "rds-ca-rsa4096-g1"
 }
 
 output "ca_cert_identifier" {