November 02, 2023

233: Replicator Isn’t a Real Product Because it isn’t Spelled with a K

34 minutes

Welcome to The Cloud Pod – where the forecast is always cloudy! This week your hosts Justin, Matthew, and Ryan are here to fill you in on all the latest and greatest happenings in the cloud, including news about your SSL & TLS certificates, MSK Replicator, and the Azure Incubations Team. Did you know about them? Neither did we!

Titles we almost went with this week:

The Cloud Pod Replicator… Replicating Snark to all the Kafkas

Mirror Mirror on the wall, Which Events? We Want Them All.

The Radius of my Patience for my Developer Portals is Shrinking

Oracle Java Plugin for VSCode… it’s a trap!

A big thanks to this week’s sponsor:

Foghorn Consulting provides top-notch cloud and DevOps engineers to the world’s most innovative companies. Initiatives stalled because you have trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.

General News this Week:

AWS

01:20 Rotate Your SSL/TLS Certificates Now – Amazon RDS and Amazon Aurora Expire in 2024

If you want to have some “fun” you need to update the RDS SSL certificate for your db instances before they expire in 2024.

This impacts really any DB created before 2020.

You can choose CA certificates that expire in 40 years or 100 years.

This was more complicated than we realized when we did this on a database instance recently, and this step-by-step guide would have been great when we did it a month or so ago.

Step 1: Identify your impacted DB’s

Step 2: Update your database client and apps… this was the trickiest part for us.

Step 3: Test CA rotation on a non-production RDS instance

Step 4: Rinse and Repeat on Production.

01:45 Justin- “I definitely went for the 100 years to fake because I never want to do this again… This is not for the faint of heart, if you’re not familiar with how your database apps work, and do proceed with caution.”

05:48 Justin- “Well, so the 40 year one is a 2048 bit RSA certificate. The 100 year one is an RSA 4096 or an ECC 384 compiled. So it’s pretty high level encryption on both of those CAs. And the fun thing about that is if you do choose the 100 year certificate and you have like a T3 class system, all of a sudden now you’re processing a lot of stuff to calculate the cipher. So you may have some use cases where you don’t want to use the 100 year certificate because it does require some more CPU to process.”

07:07 Introducing Amazon MSK Replicator – Fully Managed Replication across MSK Clusters in Same or Different AWS Regions

Cross Cluster

...more

View all episodes

By Justin Brodley, Jonathan Baker, Ryan Lucas and Matthew Kohn

4.9

3333 ratings