AWS PostgreSQL encryption

07 July,2022 by Rambler

What does AWS recommend when you enable encryption for RDS PostgreSQL and Aurora PostgreSQL?

Most orgs are interested in 3 general categories of encryption for database servers:

1) Storage\file level - protecting against theft or misuse of storage units and database files

2) Column level - protecting sensitive data against inappropriate access

3) Data in transit - protecting against unauthorized access to data in transit, eavesdropping and man-in-the-middle attacks

Various options

-RDS PostgreSQL instance at rest - enable encryption for the Amazon RDS DB instance when the instance is created. Encryption is based on AES-256. There are limitations - read Limitations of Amazon RDS encrypted DB instances for more details

-RDS PostgreSQL in transit - supports TLS\SSL encryption for application connections to RDS PostgreSQL. TLS & mTLS are supported. The SSL connection can also be forced by configuring rds.force_ssl = 1 via a custom parameter group

-RDS PostgreSQL column level - pgcrypto is supported for cryptographic functionality, for example to support column-level encryption. See: How to encrypt a column using PostgreSQL

-Aurora PostgreSQL at rest - use "Enable encryption" at the DB cluster level. This can be applied via AWS CLI

-Aurora PostgreSQL in transit - for the DB cluster parameter group, choose the custom parameter group aurora-pg-ssl
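A quick way to check the RDS PostgreSQL at-rest and in-transit settings from the list above is to audit the JSON that `aws rds describe-db-instances` and `aws rds describe-db-parameters` return. The script below is an added example, not from the original post; the instance names, parameter group names and sample JSON are constructed, and it covers RDS PostgreSQL instances only (not Aurora clusters).

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output.
INSTANCES = json.loads("""{"DBInstances": [
 {"DBInstanceIdentifier": "orders-db", "Engine": "postgres", "StorageEncrypted": true,
  "DBParameterGroups": [{"DBParameterGroupName": "pg-ssl-forced"}]},
 {"DBInstanceIdentifier": "legacy-db", "Engine": "postgres", "StorageEncrypted": false,
  "DBParameterGroups": [{"DBParameterGroupName": "default.postgres14"}]},
 {"DBInstanceIdentifier": "reports-db", "Engine": "postgres", "StorageEncrypted": true,
  "DBParameterGroups": [{"DBParameterGroupName": "pg-custom-nossl"}]},
 {"DBInstanceIdentifier": "app-mysql", "Engine": "mysql", "StorageEncrypted": false,
  "DBParameterGroups": [{"DBParameterGroupName": "default.mysql8.0"}]}
]}""")

# Constructed sample: group name -> `aws rds describe-db-parameters` output.
PARAMETERS = {
    "pg-ssl-forced": {"Parameters": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}]},
    "default.postgres14": {"Parameters": [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}]},
    "pg-custom-nossl": {"Parameters": [{"ParameterName": "rds.force_ssl"}]},  # value unset
}

def force_ssl_enabled(group_name, parameters):
    """True only if the group explicitly sets rds.force_ssl to 1."""
    group = parameters.get(group_name)
    if group is None:
        return False  # group was not fetched: treat as not enforced
    for p in group["Parameters"]:
        if p["ParameterName"] == "rds.force_ssl":
            return p.get("ParameterValue") == "1"
    return False

def audit(instances, parameters):
    """Return {instance id: [findings]} for PostgreSQL instances with gaps."""
    report = {}
    for db in instances["DBInstances"]:
        if db["Engine"] != "postgres":
            continue  # other engines are out of scope for this check
        findings = []
        if not db.get("StorageEncrypted", False):
            findings.append("storage not encrypted at rest")
        groups = [g["DBParameterGroupName"] for g in db.get("DBParameterGroups", [])]
        if not any(force_ssl_enabled(g, parameters) for g in groups):
            findings.append("rds.force_ssl is not 1")
        if findings:
            report[db["DBInstanceIdentifier"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INSTANCES, PARAMETERS).items():
        print(name, "->", "; ".join(findings))
```

A parameter with no `ParameterValue` is reported as not enforced, so a custom group that merely lists `rds.force_ssl` does not pass the check.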


Read more on PostgreSQL encryption 

How to encrypt a column using PostgreSQL pgcrypto

 


Author: Rambler (http://www.dba-ninja.com)

