From f67ae5a7b39899bb08a263d55974e5abe0f8d558 Mon Sep 17 00:00:00 2001
From: David Mejia
Date: Wed, 21 Aug 2024 17:12:36 -0400
Subject: [PATCH] explicitly set RDS cert to latest default for posterity
---
 infrastructure/database.tf | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/infrastructure/database.tf b/infrastructure/database.tf
index 503fcf75b..3a5cd8c73 100644
--- a/infrastructure/database.tf
+++ b/infrastructure/database.tf
@@ -1,5 +1,11 @@
 # This file contains the configuration for the database and related resources.
+data "aws_rds_certificate" "cert" {
+ id = "rds-ca-rsa2048-g1"
+ # This returns multiple certs and the aws provider throws an error.
+ # latest_valid_till = true
+}
+
 resource "aws_db_parameter_group" "postgres_parameters" {
 name = "postgres-parameters-${var.user}-${var.stage}"
 description = "Postgres Parameters ${var.user} ${var.stage}"
@@ -163,6 +169,8 @@ resource "aws_db_instance" "postgres_db" {
 multi_az = true
 publicly_accessible = true
+ ca_cert_identifier = data.aws_rds_certificate.cert.id
+
 backup_retention_period = var.stage == "prod" ? "7" : "0"
 tags = var.default_tags
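Review bot: The comment inside the new `aws_rds_certificate` data source reads as if it describes the `id` line, when it actually explains the disabled `latest_valid_till = true` below it. The hard-coded `rds-ca-rsa2048-g1` also pins the instance to one CA rather than tracking whatever the default becomes, which the subject's "latest default" does not convey. I would replace the comment with `# Pinned to a specific CA; revisit when AWS rotates it. latest_valid_till = true is left disabled because the provider errored on multiple matching certs.` so the next maintainer knows this value needs a manual update. Client trust stores presumably need the matching CA bundle, and that is worth stating in the same comment if it is true for this project.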
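Review bot: The added `ca_cert_identifier` on `postgres_db` only selects which CA signs the server certificate. With `publicly_accessible = true` two lines above it, that helps only if the server requires TLS and clients verify the chain. The parameters of `postgres_parameters` are outside the diff, so I cannot tell whether `rds.force_ssl` is already set there, and that should be confirmed. I would add a comment next to the new line such as `# Clients must trust this CA bundle and connect with sslmode=verify-full; TLS is enforced via rds.force_ssl in postgres_parameters` once that holds. The resource block starts and ends outside the hunk.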