AWS CloudHSM and Amazon RDS for Oracle Integration; New API, SDK, and CLI Tools

Posted on: Jan 8, 2015

AWS CloudHSM is now integrated with Amazon RDS for Oracle. With this new capability, you can let AWS operate your Oracle databases while maintaining control of the master encryption keys. The AWS CloudHSM service helps you meet compliance requirements for data security by making dedicated, single-tenant Hardware Security Module (HSM) appliances available within the AWS cloud. This feature allows you to maintain control of the master encryption keys in CloudHSM instances when encrypting Amazon RDS databases with Oracle Transparent Data Encryption (TDE).

You can also now provision and manage CloudHSM deployments with our new API, SDK, and CLI Tools, which let you launch, terminate, and describe CloudHSM instances from within programs or by executing commands. The CLI Tools make HSM administration and management tasks easier, especially for high availability (HA) configurations. For example, the CLI Tools can help you configure HA groups that span multiple Availability Zones, so you can build resilient applications. In the unlikely event of a hardware failure, you can launch a new CloudHSM instance and replicate the keys to the new HSM with a few commands.

CloudHSM also now works with AWS CloudTrail, the AWS service that records API calls for your account and delivers log files to you. This can help with regulatory and compliance requirements for auditing and logging.

To learn more about CloudHSM for Amazon RDS Oracle TDE, please see the Amazon RDS Oracle User Guide. To get started or learn more about CloudHSM, please visit http://aws.amazon.com/cloudhsm.