Description
It would appear that the sslrootcert= connection string parameter is not supported, which means that you cannot use verified SSL / TLS to a PostgreSQL database host that presents a certificate from a private CA. This includes Amazon RDS, whose server certificates are issued by Amazon's own RDS CA rather than a publicly trusted one. If your database is using a certificate from a non-publicly trusted CA, the best you can do is sslmode=no-verify, which gives you SSL / TLS encryption but leaves you vulnerable to a man-in-the-middle proxy, because the server's certificate is never checked against a trusted CA.
More info on Amazon RDS certificates: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
Source for downloading RDS root certificates for verification: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.CertificatesDownload
Desired Behavior
Using a connection string such as postgres://user:pass@host/database?sslmode=require&sslrootcert=/path/to/cert.pem would result in a successful connection using TLS, with the server certificate verified against the CA bundle in /path/to/cert.pem.
Motivation
If your database is using a certificate from a non-publicly trusted CA, the best you can do is sslmode=no-verify, which gives you SSL / TLS encryption but leaves you vulnerable to a man-in-the-middle proxy. This leaves you one DNS attack or malicious hosts file entry away from streaming your database transactions to unknown attackers in real time, since a proxy presenting any certificate at all would be accepted.
Implementation
Implement the sslrootcert connection string parameter as implemented in other PostgreSQL client implementations (libpq honours it for sslmode=require, verify-ca and verify-full), and in the underlying node-libpq API.