chore(rds): deprecate CA certificate rds-ca-2019 (#31387)

go-to-k · web-flow · commit aedf617a754f · 2024-09-12T17:30:39.000Z
### Reason for this change The certificate `rds-ca-2019` expired in August, 2024. > Amazon RDS Certificate Authority certificates rds-ca-2019 are set to expire in August, 2024. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html I also confirmed in CLI: ``` ❯ aws rds describe-db-engine-versions --default-only --engine postgres { "DBEngineVersions": [ { ... ... "SupportedCACertificateIdentifiers": [ "rds-ca-ecc384-g1", "rds-ca-rsa4096-g1", "rds-ca-rsa2048-g1" ], } ] } ``` CFn deploy errors: ``` Resource handler returned message: "Certificate not found: rds-ca-2019 (Service: Rds, Status Code: 404, Request ID: ..." ``` ### Description of changes Deprecate the certificate. ### Description of how you validated changes ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/aws-cdk-lib/aws-rds/lib/ca-certificate.ts b/packages/aws-cdk-lib/aws-rds/lib/ca-certificate.ts
@@ -6,6 +6,7 @@
 export class CaCertificate {
   /**
    * rds-ca-2019 certificate authority
+   * @deprecated rds-ca-2019 expired in August, 2024.
    */
   public static readonly RDS_CA_2019 = CaCertificate.of('rds-ca-2019');
 
