07 July, 2022 by Rambler
What does AWS recommend when you enable encryption for RDS PostgreSQL and Aurora PostgreSQL?
Most orgs are interested in 3 general categories of encryption for database servers:
1) Storage/file level - protecting against theft or misuse of storage units and database files
2) Column level - protecting sensitive data against inappropriate access
3) Data in transit - protecting against unauthorized access to data in transit, eavesdropping and man-in-the-middle attacks
Various options
- RDS PostgreSQL instance at rest - enable encryption for the Amazon RDS DB instance when the instance is created. Encryption is based on AES-256. There are limitations - read "Limitations of Amazon RDS encrypted DB instances" for more details.
- RDS PostgreSQL in transit - supports TLS/SSL encryption for application connections to RDS PostgreSQL. TLS and mTLS are supported. The SSL connection can also be forced by setting rds.force_ssl = 1 via a custom parameter group.
- RDS PostgreSQL column level - pgcrypto is supported for cryptographic functionality, for example to support column-level encryption. See "How to encrypt a column using PostgreSQL".
- Aurora PostgreSQL at rest - use "Enable encryption" at the DB cluster level. This can be applied via the AWS CLI.
- Aurora PostgreSQL in transit - for the DB cluster parameter group, choose the custom parameter group aurora-pg-ssl.
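An added example (not from the original post): an offline audit that checks the at-rest and in-transit settings listed above against records shaped like AWS CLI `describe-db-instances`, `describe-db-clusters` and `describe-db-parameters` output. The sample records and the group names other than aurora-pg-ssl are constructed, and the code assumes the aurora-pg-ssl group sets rds.force_ssl to 1.

```python
# Constructed sample data; identifiers and group names are made up, except
# aurora-pg-ssl, which is assumed here to set rds.force_ssl = 1.
INSTANCES = [
    {"DBInstanceIdentifier": "orders-pg", "Engine": "postgres", "StorageEncrypted": True,
     "DBParameterGroups": [{"DBParameterGroupName": "pg-force-ssl"}]},
    {"DBInstanceIdentifier": "legacy-pg", "Engine": "postgres", "StorageEncrypted": False,
     "DBParameterGroups": [{"DBParameterGroupName": "pg-plain"}]},
]
CLUSTERS = [
    {"DBClusterIdentifier": "billing-aurora", "Engine": "aurora-postgresql",
     "StorageEncrypted": True, "DBClusterParameterGroup": "aurora-pg-ssl"},
    {"DBClusterIdentifier": "scratch-aurora", "Engine": "aurora-postgresql",
     "StorageEncrypted": True, "DBClusterParameterGroup": "aurora-pg-plain"},
]
PARAMS = {  # parameter group name -> its "Parameters" list
    "pg-force-ssl": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    "pg-plain": [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}],
    "aurora-pg-ssl": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    "aurora-pg-plain": [{"ParameterName": "rds.force_ssl"}],  # no value set
}

def force_ssl_on(group, params_by_group):
    """True only if the group explicitly carries rds.force_ssl = 1."""
    for p in params_by_group.get(group, []):
        if p.get("ParameterName") == "rds.force_ssl":
            return p.get("ParameterValue") == "1"
    return False  # unknown group or parameter absent: treat as not enforced

def audit(instances, clusters, params_by_group):
    """Return (resource, category, detail) tuples for each missing control."""
    findings = []
    for db in instances:
        if db.get("Engine") != "postgres":  # Aurora members are checked via their cluster
            continue
        name = db["DBInstanceIdentifier"]
        if not db.get("StorageEncrypted"):
            findings.append((name, "at-rest", "not encrypted; set at instance creation"))
        groups = [g["DBParameterGroupName"] for g in db.get("DBParameterGroups", [])]
        if not any(force_ssl_on(g, params_by_group) for g in groups):
            findings.append((name, "in-transit", "rds.force_ssl is not 1"))
    for cl in clusters:
        if cl.get("Engine") != "aurora-postgresql":
            continue
        name = cl["DBClusterIdentifier"]
        if not cl.get("StorageEncrypted"):
            findings.append((name, "at-rest", "cluster storage not encrypted"))
        if not force_ssl_on(cl.get("DBClusterParameterGroup"), params_by_group):
            findings.append((name, "in-transit", "rds.force_ssl is not 1"))
    return findings
```

Feed it real data by saving the JSON from the three describe calls and passing the parsed lists in place of the constructed samples.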
Read more on PostgreSQL encryption
How to encrypt a column using PostgreSQL pgcrypto