AWS Database Blog
Category: Security, Identity, & Compliance
Amazon DocumentDB (with MongoDB compatibility) customers: Update your TLS certificates by March 5, 2020
This post was originally published on January 08, 2020 and has been updated as of February 05, 2020. Please see new dates and suggested timeline below. If you are an Amazon DocumentDB (with MongoDB compatibility) customer, you might have received emails from AWS notifying you about rotating your TLS certificates. The TLS certificates for Amazon DocumentDB clusters will […]
Amazon RDS customers: Update your SSL/TLS certificates by March 5, 2020
This post was originally published on December 20, 2019 and has been updated as of March 4, 2020. Please see new dates and suggested timeline below. IMPORTANT UPDATE: If you are experiencing connectivity issues after the RDS Root CA expires, please skip down to the What do I have to do to maintain connectivity? section. […]
Securing Amazon RDS and Aurora PostgreSQL database access with IAM authentication
AWS provides two managed PostgreSQL options: Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL. Both support IAM authentication for managing access to your database. You can associate database users with IAM users and roles to manage user access to all databases from a single location, which avoids issues caused by permissions being out of sync […]
Bring your own encryption keys to Amazon DynamoDB
Today, Amazon DynamoDB introduced support for customer managed customer master keys (CMKs) to encrypt DynamoDB data. Often referred to as bring your own encryption (BYOE) or bring your own key (BYOK), this functionality lets you create, own, and manage encryption keys in DynamoDB, giving you full control over how you encrypt and manage the security […]
Enabling SSL encrypted connections to Microsoft SQL Server using AWS Certificate Manager Private Certificate Authority
Organizations moving to secure their critical data worry about it both at rest and in transit. Relational databases are a common example of situations in which business-critical data must be secured. Microsoft SQL Server lets you secure the in-transit data using Secure Sockets Layer (SSL) encryption. This post reviews the process of enabling SSL encryption […]
IAM role-based authentication to Amazon Aurora from serverless applications
January 2024: This post was reviewed and updated for accuracy. Storing user names and passwords directly in applications is not a best practice. Saving credentials as plaintext should never occur in a secure application. As a solution, AWS Identity and Access Management (IAM) policies can assign permissions that determine who is allowed to manage Amazon […]
Performing SQL database client-side encryption for multi-Region high availability
Important Update: On 06/16/2021 AWS Key Management Service (AWS KMS) introduced multi-Region keys, a new capability that lets you replicate keys from one AWS Region into another. With multi-Region keys, you can more easily move encrypted data between Regions without having to decrypt and re-encrypt with different keys in each Region. Multi-Region keys are supported […]
Securing data in Amazon RDS using AWS KMS encryption
This post was reviewed and/or updated in June 2022. Data privacy is essential for organizations in all industries. Encryption services provide one standard method of protecting data from unauthorized access. However, encryption changes data in a way that makes it unreadable without the correct decryption key. Amazon Relational Database Service (Amazon RDS) can encrypt […]
Understanding Amazon DynamoDB encryption by using AWS Key Management Service and analysis of API calls with Amazon Athena
As applications evolve to be more scalable for the web, customers are adopting flexible data structures and database engines for their use cases. Using NoSQL data stores has become increasingly popular because of NoSQL’s flexible data model for building modern applications. Amazon DynamoDB is a fast and flexible NoSQL database service that can provide consistent […]
Monitoring your security with GuardDuty in real time with Amazon Elasticsearch Service
September 8, 2021: Amazon Elasticsearch Service has been renamed to Amazon OpenSearch Service. See details. When you use Amazon GuardDuty to help you protect your AWS accounts and workloads, you can enhance your ability to quickly search and visualize a large amount of data. In an enterprise, you might be analysing activity from thousands of […]