AWS Database Blog

Category: Security, Identity, & Compliance

Design patterns to access cross-account secrets stored in AWS Secrets Manager

This post discusses cross-account design options and considerations for managing Amazon Relational Database Service (Amazon RDS) secrets that are stored in AWS Secrets Manager. Amazon RDS is a managed service that makes it easy to set up, operate, and scale a relational database on AWS. Secrets Manager helps you securely store, encrypt, manage, rotate, and […]

Read More

Customizing security parameters on Amazon RDS for SQL Server

You can now use database (DB) parameters to configure security protocols and ciphers on Amazon RDS for SQL Server. You can configure various security protocols and ciphers available for your RDS SQL Server instance. You can also choose to enable or disable certain TLS versions or ciphers, such as RC4 stream cipher, based on your […]

Read More

Using IAM authentication to connect with pgAdmin Amazon Aurora PostgreSQL or Amazon RDS for PostgreSQL

Amazon Relational Database Service (RDS) enables you to use AWS Identity and Access Management (IAM) to manage database access for Amazon RDS for PostgreSQL database instances and Amazon Aurora PostgreSQL clusters. Database administrators can associate database users with IAM users and roles. With IAM database authentication, you don’t need to use a password when you connect to a database cluster. Instead, you […]

Read More

Joining your Amazon RDS DB instances across accounts to a single shared domain

How can you simplify the setup and maintenance and reduce the costs of AWS Managed Microsoft AD directories, while also strengthen the security of your Amazon Relational Database Service (RDS) for SQL Server DB instances? AWS announced that you can now join your Amazon RDS for SQL Server DB instances deployed across multiple AWS accounts […]

Read More

Amazon DocumentDB (with MongoDB compatibility) customers: Update your TLS certificates by March 5, 2020

This post was originally published on January 08, 2020 and has been updated as of February 05, 2020. Please see new dates and suggested timeline below. If you are an Amazon DocumentDB (with MongoDB compatibility) customer, you might have received emails from AWS notifying you about rotating your TLS certificates. The TLS certificates for Amazon DocumentDB clusters will […]

Read More

Amazon RDS customers: Update your SSL/TLS certificates by March 5, 2020

This post was originally published on December 20, 2019 and has been updated as of March 4, 2020. Please see new dates and suggested timeline below. IMPORTANT UPDATE: If you are experiencing connectivity issues after the RDS Root CA expires, please skip down to the What do I have to do to maintain connectivity? section. […]

Read More

Securing Amazon RDS and Aurora PostgreSQL database access with IAM authentication

AWS provides two managed PostgreSQL options: Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. Both support IAM authentication for managing access to your database. You can associate database users with IAM users and roles to manage user access to all databases from a single location, which avoids issues caused by permissions being out of sync […]

Read More

Bring your own encryption keys to Amazon DynamoDB

Today, Amazon DynamoDB introduced support for customer managed customer master keys (CMKs) to encrypt DynamoDB data. Often referred to as bring your own encryption (BYOE) or bring your own key (BYOK), this functionality lets you create, own, and manage encryption keys in DynamoDB, giving you full control over how you encrypt and manage the security […]

Read More

Enabling SSL encrypted connections to Microsoft SQL Server using AWS Certificate Manager Private Certificate Authority

Organizations moving to secure their critical data worry about while it’s both at-rest and in transit. Relational databases are a common example of situations in which business-critical data must be secured. Microsoft SQL Server lets you secure the in-transit data using Secure Sockets Layer (SSL) encryption. This post reviews the process of enabling SSL encryption […]

Read More

IAM role-based authentication to Amazon Aurora from serverless applications

Storing user names and passwords directly in applications is not a best practice. Saving credentials as plaintext should never occur in a secure application. As a solution, AWS Identity and Access Management (IAM) policies can assign permissions that determine who is allowed to manage Amazon Aurora resources. For example, you can use IAM to determine […]

Read More