AWS Security Blog
Tag: RDS
Architecting for database encryption on AWS
In this post, I review the options you have to protect your customer data when migrating or building new databases in Amazon Web Services (AWS). I focus on how you can support sensitive workloads in ways that help you maintain compliance and regulatory obligations, and meet security objectives. Understanding transparent data encryption I commonly see […]
Use AWS Secrets Manager client-side caching libraries to improve the availability and latency of using your secrets
At AWS, we offer features that make it easier for you to follow the AWS Identity and Access Management (IAM) best practice of using short-term credentials. For example, you can use an IAM role that rotates and distributes short-term AWS credentials to your applications automatically. Similarly, you can configure AWS Secrets Manager to rotate a […]
How to create and retrieve secrets managed in AWS Secrets Manager using AWS CloudFormation templates
Updated November 15, 2018: We added information to make variables more clear in the sample template. AWS Secrets Manager now integrates with AWS CloudFormation so you can create and retrieve secrets securely using CloudFormation. This integration makes it easier to automate provisioning your AWS infrastructure. For example, without any code changes, you can generate unique […]
How to use AWS Secrets Manager to rotate credentials for all Amazon RDS database types, including Oracle
August 31, 2021: AWS KMS is replacing the term customer master key (CMK) with AWS KMS key and KMS key. The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term. More info. You can now use AWS Secrets Manager to rotate credentials for Oracle, Microsoft SQL Server, […]
Manage Access to Your Amazon RDS for MySQL and Amazon Aurora Databases Using AWS IAM
Starting today, Amazon RDS enables you to use AWS Identity and Access Management (IAM) to manage database access for Amazon RDS for MySQL database instances and Amazon Aurora database clusters. By using IAM, you can manage user access to all AWS resources from a single location, without needing to manage users in the database. This includes expanding […]
Amazon RDS Customers: Update Your SSL Certificates by March 23, 2015
If you are an Amazon RDS customer, you might have received email from AWS notifying you about rotating your SSL certificates. The SSL certificates for RDS database instances are being updated on March 23, 2015, at 20:00 UTC. The certificates are being updated as part of standard maintenance and security best practices for RDS, and […]
In Case You Missed These: Some Recent AWS-Related Security Articles
With the steady stream of updates and enhancements for AWS services, it can be easy to miss important information about features related to security. Here are some recent security-related updates and announcements about AWS services that you might not have heard about yet. Customizable security groups and multiple task instances now available for Amazon EMR […]
AWS CloudHSM Is Now Integrated with Amazon RDS for Oracle and Provides Enhanced Management Tools
November 24, 2021: This blog post announced a feature of AWS CloudHSM Classic which integrated with Amazon RDS for Oracle to provide customers with an easy integration for Transparent Data Encryption (TDE). The AWS CloudHSM team have since released AWS CloudHSM, and this feature is no longer available. For updated options, please see out this […]
Amazon RDS Now Supports Encryption via AWS Key Management Service
Today, Amazon RDS for MySQL and PostgreSQL released support for database encryption using AWS Key Management Service (KMS). This feature addresses a common request from customers who have asked for an easy way to encrypt data in these RDS database types. When you create a new MySQL or PostgreSQL database instance, you can choose to […]
With New ELB Permissions, Support for IAM in AWS Is Going Strong
The Elastic Load Balancing team announced on May 13, 2014 that they’ve added support for resource-level permissions. Not only can you specify which ELB actions a user can perform, you can specify which resources the user can perform those actions on. For more information about the new ELB permissions, see Controlling Access to Your Load […]