Skip to content

Commit

Permalink
Merge pull request #102 from chanzuckerberg/jgadling/update-rds-tls
Browse files Browse the repository at this point in the history 
Install new TLS roots for RDS db's.
  • Loading branch information
@jgadling
jgadling authored Jun 24, 2024
2 parents 59e2d92 + a0d0839 commit 59b6584
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 0 deletions.
4 changes: 4 additions & 0 deletions api_server/Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,8 @@
FROM hasura/graphql-engine:v2.25.1.cli-migrations-v3
# Install DB certs.
ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /usr/local/share/ca-certificates/global-bundle.crt
RUN update-ca-certificates

ADD ./migrations /hasura-migrations
ADD ./metadata /hasura-metadata
ADD . /app
4 changes: 4 additions & 0 deletions ingestion_tools/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,10 @@ RUN mkdir ingestion_tools
# Base utilities
RUN apt update && apt install -y wget unzip jq

# Install DB TLS certs
ADD https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /usr/local/share/ca-certificates/global-bundle.crt
RUN update-ca-certificates

# IMOD helps with MRC ingestion
# bio3d.colorado.edu isn't sending an intermediate cert, which breaks openssl (no AIA support). So we're installing it here.
RUN wget http://crt.sectigo.com/SectigoRSAOrganizationValidationSecureServerCA.crt && \
Expand Down

0 comments on commit 59b6584

Please sign in to comment.