AWS Database Blog

Category: Security, Identity, & Compliance

Migrate logins, database roles, users, and object-level permissions from Azure SQL Database to Amazon RDS for SQL Server

In this post, we demonstrate how to migrate SQL logins, database roles, users, and object-level permissions from Azure SQL Database to Amazon Relational Database Service (Amazon RDS) for SQL Server using T-SQL. Within SQL Server, a SQL login acts as a security principal, allowing a user or application to connect to a SQL Server instance. […]

Use Kerberos authentication with Amazon Aurora MySQL

Amazon Aurora MySQL-Compatible Edition offers multiple authentication methods to securely authenticate database user access and meet different security needs. The most common method of authentication is using a user name and password. This can create additional overhead for both users and database administrators to manage and rotate these credentials; it also requires additional investments in […]

Use AWS Nitro Enclaves to build Cubist CubeSigner, a secure and highly reliable key management platform for Ethereum validators and beyond

Validators are the fundamental building blocks of proof-of-stake (PoS) blockchain protocols like Ethereum. They maintain the history of the chain and run the consensus protocol that makes it possible to implement complex decentralized applications—from decentralized finance applications to NFT collectibles. To join the protocol, validators provide assets as collateral, which ensures they behave correctly in […]

Choose the right type of AWS KMS key to encrypt Amazon RDS and Aurora Global Database

Security is a top priority in any organization. Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks. Amazon Aurora is a fully managed, MySQL- and PostgreSQL-compatible […]

Optimize AWS KMS decryption costs for Database Activity Streams

In regulated industries like healthcare and finance, auditing database activity is a top priority. Companies need to record the actions performed by database users and administrators to maintain compliance and security. AWS offers robust auditing for databases through Database Activity Streams (DAS). Integrated with Amazon Relational Database Service (Amazon RDS) and Amazon Aurora, DAS produces […]

Make EOA private keys compatible with AWS KMS

Those who choose to take ownership of digital assets, such as cryptocurrency or non-fungible tokens (NFTs), are faced with a crucial decision when creating a wallet: do they opt to manage their own wallet or delegate that responsibility to a trusted third party? Non-custodial wallet solutions, whereby a user manages their own wallet, are popular […]

Securely connect to Amazon RDS for PostgreSQL with AWS Session Manager and IAM authentication

Company policies usually do not allow database instances to have a public endpoint unless there is a specific business requirement. Although that protects those resources from public access over the internet, it also limits how users can connect to them from their computers. Frequently, database administrators and development teams try to overcome that restriction by […]

Join SQL Server on AWS to Microsoft Entra Domain Services

Windows Authentication offers a secure and efficient mechanism for authentication management in Microsoft SQL Server. Many customers use Microsoft Entra ID (previously Azure AD) as their identity provider for Windows authentication. With the launch of support to join Amazon RDS for SQL Server to self-managed Active Directory, you can now join your Amazon Relational Database […]

Mask PII data using AWS DMS and Amazon Macie during migration

In this post, we present a solution to identify PII data using Amazon Macie, mask it using AWS Database Migration Service (AWS DMS), and migrate it from an Amazon Relational Database Service (Amazon RDS) for Oracle production source database to an RDS for Oracle development target database, before releasing the environment to users. This way, you can save time and make sure that sensitive data is protected.

Import Ethereum private keys to AWS KMS

In the world of digital assets, private keys have always been of utmost importance. Unlike traditional assets, digital assets are controlled by private keys (a string of letters and numbers), just like passwords, which unlock the right to manage and use assets. Private keys can be used to irreversibly transfer funds from the wallet, thus, […]