Use of expired CA certificates can impact the confidentiality of data in transit and may disrupt database services.
If using the Amazon RDS CA-2015 certificates, CA-2015 certificates have expired as of March 5, 2020. It is recommended to update all existing CA certificates to CA-2019, which is enabled by default when creating a new DB instance.
In Terraform -
For more information on how to rotate SSL/TLS Certificates, see the AWS documentation.
References:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL-certificate-rotation.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#ca_cert_identifier