diff --git a/config/cloudquery/postgresql.yaml b/config/cloudquery/postgresql.yaml index 5eea7e93d..258459687 100644 --- a/config/cloudquery/postgresql.yaml +++ b/config/cloudquery/postgresql.yaml @@ -12,4 +12,5 @@ spec: spec: #TODO put credentials and adress later - connection_string: 'postgresql://postgres:£PASSWORD@£HOST:5432/postgres?sslmode=disable' + # See https://www.postgresql.org/docs/11/libpq-connect.html#LIBPQ-CONNECT-SSLMODE for sslmode options + connection_string: 'postgresql://postgres:£PASSWORD@£HOST:5432/postgres?sslmode=verify-full' diff --git a/packages/cdk/lib/__snapshots__/cloudquery.test.ts.snap b/packages/cdk/lib/__snapshots__/cloudquery.test.ts.snap index 5276be916..8339700f1 100644 --- a/packages/cdk/lib/__snapshots__/cloudquery.test.ts.snap +++ b/packages/cdk/lib/__snapshots__/cloudquery.test.ts.snap @@ -982,6 +982,8 @@ PASSWORD=$(aws secretsmanager get-secret-value --secret-id ", }, " | jq -r '.SecretString|fromjson|.password|@uri') sed -i "s/£PASSWORD/$PASSWORD/g" postgresql.yaml +curl https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem -o /usr/local/share/ca-certificates/rds-ca-2019-root.crt +update-ca-certificates systemctl enable cloudquery.timer systemctl start cloudquery.timer", ], diff --git a/packages/cdk/lib/cloudquery.ts b/packages/cdk/lib/cloudquery.ts index afdba86c4..175d459f2 100644 --- a/packages/cdk/lib/cloudquery.ts +++ b/packages/cdk/lib/cloudquery.ts @@ -148,6 +148,10 @@ export class CloudQuery extends GuStack { `PASSWORD=$(aws secretsmanager get-secret-value --secret-id ${dbSecret} --region ${this.region} | jq -r '.SecretString|fromjson|.password|@uri')`, `sed -i "s/£PASSWORD/$PASSWORD/g" postgresql.yaml`, + // Install RDS certificate + 'curl https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem -o /usr/local/share/ca-certificates/rds-ca-2019-root.crt', + 'update-ca-certificates', + 'systemctl enable cloudquery.timer', 'systemctl start cloudquery.timer', );
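Review bot: The switch to `sslmode=verify-full` in config/cloudquery/postgresql.yaml depends on two things that are not recorded next to the setting: a CA the client can find that signed the server certificate, and a `£HOST` value that matches a name in that certificate. The CA is installed by the instance start-up commands changed in packages/cdk/lib/cloudquery.ts in this same commit, so I would extend the comment to say so: `# verify-full validates the chain and the host name; the RDS root CA is added to the system trust store at boot (see packages/cdk/lib/cloudquery.ts)`. The host-name check presumably means `£HOST` must be replaced with the RDS endpoint name rather than an IP address. That is worth confirming where the substitution happens, which is not visible in this hunk.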
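Review bot: The added `curl` line in packages/cdk/lib/cloudquery.ts fetches a trust anchor at boot without `--fail`, so an HTTP error body would be saved as `rds-ca-2019-root.crt`, the script would carry on to `update-ca-certificates` and the timer, and the failure would surface only later as a certificate error. I would make the download fail loudly with `'curl --fail --silent --show-error https://s3.amazonaws.com/rds-downloads/rds-ca-2019-root.pem -o /usr/local/share/ca-certificates/rds-ca-2019-root.crt',`, and consider checking the file against a fingerprint kept in the repository, or shipping the PEM with the deployed artifact, so the trust root does not rest on a network fetch. Installing it through `update-ca-certificates` also makes every TLS client on the host trust the RDS root; pointing the connection string at the file with `sslrootcert=` would confine it to the PostgreSQL connection, assuming the CloudQuery destination honours that parameter. The CA name is hard-coded, so this line needs updating whenever the database moves to a newer RDS CA. The same two commands appear in the generated snapshot hunk, and the enclosing command list starts outside this hunk, so whether the script already runs with `set -e` is not visible.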