AWS Database Blog

Category: Security, Identity, & Compliance

Use IAM authentication with Amazon DocumentDB (with MongoDB compatibility)

Amazon DocumentDB now supports authentication of database users using IAM – users and applications can authenticate to Amazon DocumentDB clusters using IAM users and roles. In this post, we discuss this new feature and provide you resources on how to enable IAM authentication in your Amazon DocumentDB cluster.

Connect to an Amazon RDS or Amazon Aurora instance using a federated user with AWS IAM Identity Center and IAM database authentication

In this post, we share the steps to connect to an Amazon RDS for PostgreSQL or Amazon Aurora PostgreSQL-Compatible Edition instance using a federated user with IAM Identity Center and IAM database authentication.To enhance security and streamline access, you can connect to your RDS or Aurora instances using federated users with AWS IAM Identity Center and AWS Identity and Access Management (IAM) database authentication. This integration allows you to manage database access through IAM Identity Center, providing secure, centralized authentication.

Use Amazon RDS Proxy with IAM authentication for cross-account access

This post is a follow-up to Use Amazon RDS Proxy to provide access to RDS databases across AWS accounts, addressing cross-account connectivity when using RDS Proxy. We discuss how you can achieve cross-account connectivity while taking advantage of the simplicity and benefits of IAM authentication.

Review your Amazon Aurora and Amazon RDS security configuration with Prowler’s new checks

Prowler for AWS provides hundreds of security configuration checks across services such as Amazon Redshift, Amazon ElasticCache, Amazon API Gateway, Amazon CloudFront, and many more. In this post, we focus on these new and expanded Amazon RDS security checks, their integration with AWS Security Hub, and the benefits they offer AWS users.

Migrate logins, database roles, users, and object-level permissions from Azure SQL Database to Amazon RDS for SQL Server

In this post, we demonstrate how to migrate SQL logins, database roles, users, and object-level permissions from Azure SQL Database to Amazon Relational Database Service (Amazon RDS) for SQL Server using T-SQL. Within SQL Server, a SQL login acts as a security principal, allowing a user or application to connect to a SQL Server instance. […]

Use Kerberos authentication with Amazon Aurora MySQL

Amazon Aurora MySQL-Compatible Edition offers multiple authentication methods to securely authenticate database user access and meet different security needs. The most common method of authentication is using a user name and password. This can create additional overhead for both users and database administrators to manage and rotate these credentials; it also requires additional investments in […]

Use AWS Nitro Enclaves to build Cubist CubeSigner, a secure and highly reliable key management platform for Ethereum validators and beyond

Validators are the fundamental building blocks of proof-of-stake (PoS) blockchain protocols like Ethereum. They maintain the history of the chain and run the consensus protocol that makes it possible to implement complex decentralized applications—from decentralized finance applications to NFT collectibles. To join the protocol, validators provide assets as collateral, which ensures they behave correctly in […]

Choose the right type of AWS KMS key to encrypt Amazon RDS and Aurora Global Database

Security is a top priority in any organization. Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks. Amazon Aurora is a fully managed, MySQL- and PostgreSQL-compatible […]

Optimize AWS KMS decryption costs for Database Activity Streams

In regulated industries like healthcare and finance, auditing database activity is a top priority. Companies need to record the actions performed by database users and administrators to maintain compliance and security. AWS offers robust auditing for databases through Database Activity Streams (DAS). Integrated with Amazon Relational Database Service (Amazon RDS) and Amazon Aurora, DAS produces […]

Make EOA private keys compatible with AWS KMS

Those who choose to take ownership of digital assets, such as cryptocurrency or non-fungible tokens (NFTs), are faced with a crucial decision when creating a wallet: do they opt to manage their own wallet or delegate that responsibility to a trusted third party? Non-custodial wallet solutions, whereby a user manages their own wallet, are popular […]