Custom domain for Neptune cluster endpoints

I've created a Route 53 private hosted zone and added a CNAME record (dbcluster.neptune.local) for Neptune endpoints. However, when accessing the CNAME record from a Lambda function, I'm encountering the error "SSL_VALIDATION_FAILED".

The objective is to have a blue/green Neptune upgrade. For this, we create a new Neptune cluster with the latest version, test and promote it. So we update the default CNAME record to point to the new cluster endpoint.

What is the AWS best practice for replacing Neptune endpoints with a custom domain (with support of ssl validation)?

Topics

Database Networking & Content Delivery

Tags

Amazon Neptune Amazon Route 53

Language

English

Dhinesh

asked a month ago117 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

The best method to use in this sort of scenario is to parameterize the endpoints within your application. Perhaps use them as configuration parameters within a parameter store or configuration database.

Depending on the client library you're using, you could also use a load balancer or proxy and terminate the SSL connections at the proxy (allowing the load balancer or proxy to build backend connections to Neptune that would be validated connections).

Neptune does not support importing custom SSL certs, so there's no way to validate connections that use a hostname other than the endpoints provided by the Neptune cluster (cluster endpoint, reader endpoint, or instance endpoints).

Taylor-AWS

answered a month ago

EXPERT

Giovanni Lauria

reviewed a month ago

Relevant content

How to set A and CNAME records for a registered domain in Route 53?
yoventures
asked 10 months ago
Route 53 domain cname record without hosted zone
Accepted Answer
ChapterSevenSeeds
asked 3 years ago
Can you validate an ACM public certificate using a domain record in a Route 53 private hosted zone?
Accepted Answer
AWS-User-2983741
asked 6 years ago
Route 53 DNS queries when CNAME points to an A record
Accepted Answer
AWS-User-7524022
asked 6 years ago
How do I resolve Route 53 private hosted zones when using an AWS Managed Microsoft AD directory?
AWS OFFICIALUpdated 2 years ago
Why can’t I create a CNAME record in Route 53?
AWS OFFICIALUpdated a year ago
How do I create alias records for services hosted in AWS?
AWS OFFICIALUpdated 10 months ago
How do I configure a Route 53 Resolver inbound endpoint to resolve DNS records in my private hosted zone from my remote network?
AWS OFFICIALUpdated a year ago
Workaround for CNAME to external web sites at the zone apex
EXPERT
slope roll
published 5 months ago
Integrating Neptune and DynamoDB databases with Amazon EKS to build scalable and resilient applications
AWS OFFICIALUpdated 2 days ago