RDS Security & Encryption

Question 1

What encryption options does Amazon RDS offer?

Answer 1

Amazon RDS supports encryption at rest using AWS Key Management Service (KMS) and also allows encryption of data in transit using SSL/TLS.

Question 2

How does Amazon RDS handle network security?

Answer 2

Security Groups: Controls inbound and outbound traffic to RDS instances.
VPC: Instances can be launched within a Virtual Private Cloud to isolate them from other networks.

Question 3

What access management features does Amazon RDS provide?

Answer 3

IAM Policies: Manages database access using AWS Identity and Access Management (IAM) policies.
Database Authentication: Supports IAM authentication for MySQL and PostgreSQL; allows integration with AWS Directory Service for Microsoft SQL Server.

Question 4

What monitoring and compliance tools are available with Amazon RDS?

Answer 4

Amazon RDS Event Notifications: Alerts via SNS for RDS events.
AWS CloudTrail: Logs and monitors API calls to RDS, including calls made via the AWS Management Console, AWS SDKs, and command line tools.
AWS Config: Tracks configurations and changes to aid in compliance needs.