RDS Security Flashcards
What is encryption at rest in Amazon RDS?
Encryption at rest protects your data by converting it into unreadable code that cannot be easily deciphered by unauthorized people. Amazon RDS supports encryption at rest using AWS Key Management Service (KMS) to securely encrypt your databases.
What databases support encryption at rest in RDS?
Amazon RDS supports encryption for all of its database engines, including MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server.
How does RDS handle encryption in transit?
RDS supports encryption in transit by using SSL (Secure Socket Layer) to encrypt data exchanges between your application and your RDS databases to protect your data from eavesdropping.
What is an RDS security group?
An RDS security group acts as a virtual firewall to control the network access to your RDS database instances. It lets you specify which IP addresses or Amazon EC2 instances can connect to your databases.
How can you manage access control for RDS?
Access control for RDS instances can be managed using AWS Identity and Access Management (IAM) policies to define user permissions for database operations, combined with database-native authentication mechanisms.
What is the purpose of RDS IAM Authentication?
RDS IAM Authentication allows you to control who can authenticate to your RDS database instance using AWS Identity and Access Management (IAM) users and roles, enhancing security by leveraging AWS’s centralized access management.
Can you use VPCs with Amazon RDS for enhanced security?
Yes, deploying your RDS instances in an Amazon Virtual Private Cloud (VPC) allows you to isolate your database in a private section of the AWS cloud and control network access to your instances.
What are the best practices for RDS security?
Best practices include enabling encryption for data at rest and in transit, using RDS security groups to tightly control access, implementing IAM authentication, logging and monitoring database activities, and regularly patching your RDS instances.
How does Amazon RDS integrate with AWS CloudTrail for security?
Amazon RDS integrates with AWS CloudTrail to log, continuously monitor, and retain account activity related to actions across your RDS infrastructure, helping you ensure compliance with internal policies and regulatory standards.
What is the significance of automated backups and snapshots for RDS security?
Automated backups and snapshots provide point-in-time recovery options, ensuring data durability and enabling disaster recovery strategies. They are encrypted using the same keys as the databases if encryption at rest is enabled, further securing your data.
