AWS Official Blog

Amazon RDS for Oracle Database – Data and Network Encryption

by Jeff Barr | in Amazon RDS

Amazon RDS for Oracle Database now supports a pair of important features to help protect your mission-critical data: Native Network Encryption and Transparent Data Encryption.

These features are components of Oracle’s Advanced Security Option (ASO) for Oracle Database 11g Enterprise Edition, available for use on Amazon RDS under the Bring-Your-Own-License (BYOL) model. There is no additional charge for either feature.

Enabling Native Network Encryption
To enable Native Network Encryption, add the NATIVE_NETWORK_ENCRYPTION option to an option group associated with the RDS DB Instance and specify the option settings. The settings are described in the Options for Oracle DB Engine section of the Amazon RDS Documentation and include SQLNET.ENCRYPTION_SERVER (encryption behavior), SQLNET.CRYPTO_CHECKSUM_SERVER (data integrity behavior), SQLNET.ENCRYPTION_TYPES_SERVER (encryption algorithm), and SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER (checksum algorithm). You must also make the corresponding changes in the sqlnet.ora file on the client so that it can connect to the DB Instance.
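The following added example (not from the original post or from AWS) models how the server's SQLNET.ENCRYPTION_SERVER setting and the client's sqlnet.ora combine, following the negotiation rules in Oracle's Net Services documentation. The client parameter names SQLNET.ENCRYPTION_CLIENT and SQLNET.ENCRYPTION_TYPES_CLIENT are Oracle's and do not appear in the post; all setting values and the helper names are constructed for illustration.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")

# Constructed samples: two of the option settings named above, and a client sqlnet.ora.
SERVER_OPTION_SETTINGS = {
    "SQLNET.ENCRYPTION_SERVER": ["REQUESTED"],
    "SQLNET.ENCRYPTION_TYPES_SERVER": ["AES256", "AES192"],
}
CLIENT_SQLNET_ORA = """
# require encryption from this client
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, 3DES168)
"""

def parse_sqlnet(text):
    """Parse 'NAME = value' and 'NAME = (a, b)' lines into {NAME: [values]}."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([\w.]+)\s*=\s*\(?([^()]*)\)?\s*$", line)
        if m:
            values = [v.strip().upper() for v in m.group(2).split(",") if v.strip()]
            params[m.group(1).upper()] = values
    return params

def negotiate(client, server):
    """Return 'ENCRYPTED', 'PLAINTEXT' or 'FAILS' for one client/server pairing."""
    # Oracle's default when the parameter is absent is ACCEPTED.
    c_level = (client.get("SQLNET.ENCRYPTION_CLIENT") or ["ACCEPTED"])[0]
    s_level = (server.get("SQLNET.ENCRYPTION_SERVER") or ["ACCEPTED"])[0]
    levels = {c_level, s_level}
    if not levels <= set(LEVELS):
        raise ValueError(f"unknown encryption level in {sorted(levels)}")
    if "REJECTED" in levels:
        return "FAILS" if "REQUIRED" in levels else "PLAINTEXT"
    if levels == {"ACCEPTED"}:
        return "PLAINTEXT"
    # One side asks for encryption, so both must share an algorithm.
    # An absent list means every installed algorithm is acceptable.
    c_algs = client.get("SQLNET.ENCRYPTION_TYPES_CLIENT")
    s_algs = server.get("SQLNET.ENCRYPTION_TYPES_SERVER")
    shared = c_algs is None or s_algs is None or bool(set(c_algs) & set(s_algs))
    if shared:
        return "ENCRYPTED"
    return "FAILS" if "REQUIRED" in levels else "PLAINTEXT"

if __name__ == "__main__":
    print(negotiate(parse_sqlnet(CLIENT_SQLNET_ORA), SERVER_OPTION_SETTINGS))
```

Only REQUIRED on the server side guarantees that no session runs in plaintext: with REQUESTED, a client set to REJECTED still connects, unencrypted. Oracle documents the same negotiation for the SQLNET.CRYPTO_CHECKSUM_* integrity settings.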

Enabling Transparent Data Encryption
You can choose to encrypt entire tables (tablespaces) or individual columns.

To enable Transparent Data Encryption, add the TDE option to an option group associated with the RDS DB Instance. Once you choose to enable this option for a DB Instance, it becomes permanent, and cannot be disabled.

For more information on these and other options, take a look at the Options for Oracle DB Engine section of the Amazon RDS Documentation.

Ready Now
This feature is available today and you can start using it now (I never get tired of typing that!).

– Jeff;