Amazon RDS for MariaDB now supports enforcing SSL/TLS connections
Amazon Relational Database Service (Amazon RDS) for MariaDB supports encrypted SSL/TLS connections to the database instances. Starting today, you can enforce SSL/TLS client connections to your Amazon RDS for MariaDB database instance for enhanced transport layer security. To enforce SSL/TLS, enable the require_secure_transport parameter (disabled by default) through the Amazon RDS Management Console, the AWS CLI or the API. When the require_secure_transport parameter is enabled, a database client will be able to connect to the RDS for MariaDB instance only if it can establish an encrypted connection.