We have Amazon RDS MySQL instances. Our application appears to connect to it simply by being in the same security group and same VPC, and the relevant developer is 90% certain that SSL is not involved.
We also connect to it for maintenance and inspection, typically via Sequel Pro. Looking at the Sequel Pro connection dialog, we are using SSL/TLS for these connections, but are connecting by username and password, with the "connect using SSL" checkbox set, but no key file, certificate, or CA certificate set. We also have restrictions on the MySQL port, only allowing outside connections from specific IP addresses.
Does the impending certificate change affect us?
Edit: Note that I'm asking not so much in terms of the cert change being necessary on the server side, as in terms of whether complementary changes are necessary in the application, or in Sequel Pro, for the users with direct maintenance access.
Yes. You need to update the SSL certificates if you want to use TLS connections to your database. I think yes because:
There is a 10% chance your production app is using TLS (incidentally, I think you need a better developer if they can't tell you that)
You connect using TLS for maintenance
You won't need any client side changes for this, unless you do something unusual like validating the certificate manually.