RDS 3 Flashcards
Security
Is traffic encrypted in transit to RDS?
Not by default, but you can turn it on
Security
Can you make encryption in transit mandatory?
Yes, even on a per-user basis
Security
How does RDS encrypt data at rest?
KMS encryption of EBS volume.
Security
How do you remove encryption after you turn it on?
Can’t: it’s EBS under the covers with KMS.
Security
What is TDE?
Transparent Data Encryption: standard for databases doing encryption at rest from inside their products
Security
Which databases support TDE?
Microsoft SQL Server and Oracle
Security
Is TDE better or worse security than EBS-based encryption?
Better: data is encrypted before it goes through the underlying OS
Security
What’s the most secure way to encrypt data at rest in RDS?
Oracle with TDE backed by CloudHSM: AWS has no access to any key material