AWS Database Blog

Category: Security, Identity, & Compliance

Amazon DocumentDB (with MongoDB compatibility) customers: Update your TLS certificates by February 5, 2020

If you are an Amazon DocumentDB (with MongoDB compatibility) customer, you might have received emails from AWS notifying you about rotating your TLS certificates. The TLS certificates for Amazon DocumentDB clusters will expire on March 5, 2020 as part of standard maintenance and security best practices for Amazon DocumentDB. All Amazon DocumentDB customers who use TLS to connect to […]

Read More

Amazon RDS customers: Update your SSL/TLS certificates by February 5, 2020

If you are an Amazon RDS and Amazon Aurora customer, you might have received emails from AWS notifying you about rotating your SSL/TLS certificates. The current SSL/TLS certificates for RDS DB instances will expire on March 5, 2020 as part of standard maintenance and security best practices for RDS. In order to avoid interruption to your applications which use SSL/TLS […]

Read More

Securing Amazon RDS and Aurora PostgreSQL database access with IAM authentication

AWS provides two managed PostgreSQL options: Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. Both support IAM authentication for managing access to your database. You can associate database users with IAM users and roles to manage user access to all databases from a single location, which avoids issues caused by permissions being out of sync […]

Read More

Bring your own encryption keys to Amazon DynamoDB

Today, Amazon DynamoDB introduced support for customer managed customer master keys (CMKs) to encrypt DynamoDB data. Often referred to as bring your own encryption (BYOE) or bring your own key (BYOK), this functionality lets you create, own, and manage encryption keys in DynamoDB, giving you full control over how you encrypt and manage the security […]

Read More

Enabling SSL encrypted connections to Microsoft SQL Server using AWS Certificate Manager Private Certificate Authority

Organizations moving to secure their critical data worry about while it’s both at-rest and in transit. Relational databases are a common example of situations in which business-critical data must be secured. Microsoft SQL Server lets you secure the in-transit data using Secure Sockets Layer (SSL) encryption. This post reviews the process of enabling SSL encryption […]

Read More

IAM role-based authentication to Amazon Aurora from serverless applications

Storing user names and passwords directly in applications is not a best practice. Saving credentials as plaintext should never occur in a secure application. As a solution, AWS Identity and Access Management (IAM) policies can assign permissions that determine who is allowed to manage Amazon Aurora resources. For example, you can use IAM to determine […]

Read More

Performing SQL database client-side encryption for multi-Region high availability

Amazon Relational Database Service (RDS) and Amazon Aurora natively provide encryption at rest to protect the underlying storage of database instances, automated backups, Read Replicas, and snapshots. However, some customers may have greater data protection requirements which require encrypting data in use. For example, encryption is required where tokenization solutions do not fit, such as when […]

Read More

Securing data in Amazon RDS using AWS KMS encryption

Data privacy is essential for organizations in all industries. Encryption services provide one standard method of protecting data from unauthorized access. However, encryption changes data in a way that makes it unreadable without the correct decryption key. Amazon RDS encrypts data by default, using AWS owned keys. However, some customers prefer to encrypt data using […]

Read More

Understanding Amazon DynamoDB encryption by using AWS Key Management Service and analysis of API calls with Amazon Athena

As applications evolve to be more scalable for the web, customers are adopting flexible data structures and database engines for their use cases. Using NoSQL data stores has become increasing popular because of NoSQL’s flexible data model for building modern applications. Amazon DynamoDB is a fast and flexible NoSQL database service that can provide consistent […]

Read More

Monitoring your security with GuardDuty in real time with Amazon Elasticsearch Service

When you use Amazon GuardDuty to help you protect your AWS accounts and workloads, you can enhance your ability to quickly search and visualize a large amount of data. In an enterprise, you might be analysing activity from thousands of accounts. After the analysis, your security team needs to be alerted in order to take […]

Read More