RDS & Aurora Security

To know:

  • Master DB and replica encryption using AWS KMS - must be defined at launch time

  • If the master is not encrypted, the read replica cannot be encrypted.

  • To encrypt an unencrypted database, go through a DB snapshot & restore as encrypted

  • Can use IAM authentication instead of username/password

  • Security group

  • Audit Logs can be enabled and sent to CloudWatch for longer retention
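
The points above can be checked against what is actually deployed. The script below is an added example, not part of the original notes: it audits JSON shaped like the output of `aws rds describe-db-instances`. The sample data is constructed, and the finding codes and the `audit` function name are hypothetical.

```python
# Constructed sample shaped like `aws rds describe-db-instances` output (not real data).
SAMPLE = {"DBInstances": [
    {"DBInstanceIdentifier": "orders-master", "StorageEncrypted": False,
     "IAMDatabaseAuthenticationEnabled": False, "EnabledCloudwatchLogsExports": [],
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLE1", "Status": "active"}]},
    {"DBInstanceIdentifier": "orders-replica", "StorageEncrypted": False,
     "ReadReplicaSourceDBInstanceIdentifier": "orders-master",
     "IAMDatabaseAuthenticationEnabled": False, "EnabledCloudwatchLogsExports": [],
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLE1", "Status": "active"}]},
    {"DBInstanceIdentifier": "billing-master", "StorageEncrypted": True,
     "KmsKeyId": "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER",
     "IAMDatabaseAuthenticationEnabled": True, "EnabledCloudwatchLogsExports": ["audit"],
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-EXAMPLE2", "Status": "active"}]},
]}

# Hypothetical finding codes, one per point in the notes above.
REMEDIATION = {
    "UNENCRYPTED": "take a DB snapshot and restore it as encrypted (KMS)",
    "UNENCRYPTED_REPLICA": "master is not encrypted, so this replica cannot be",
    "NO_IAM_AUTH": "IAM authentication is off; only username/password is in use",
    "NO_LOG_EXPORT": "no logs are being sent to CloudWatch",
    "NO_ACTIVE_SG": "no active VPC security group is attached",
}


def audit(response):
    """Return {instance_id: [finding codes]} for instances with at least one finding."""
    report = {}
    for inst in response["DBInstances"]:
        codes = []
        if not inst.get("StorageEncrypted"):
            # A replica inherits the problem from its master, so point at the master.
            is_replica = bool(inst.get("ReadReplicaSourceDBInstanceIdentifier"))
            codes.append("UNENCRYPTED_REPLICA" if is_replica else "UNENCRYPTED")
        if not inst.get("IAMDatabaseAuthenticationEnabled"):
            codes.append("NO_IAM_AUTH")
        if not inst.get("EnabledCloudwatchLogsExports"):
            codes.append("NO_LOG_EXPORT")
        groups = inst.get("VpcSecurityGroups", [])
        if not any(g.get("Status") == "active" for g in groups):
            codes.append("NO_ACTIVE_SG")
        if codes:
            report[inst["DBInstanceIdentifier"]] = codes
    return report


if __name__ == "__main__":
    for name, codes in audit(SAMPLE).items():
        for code in codes:
            print(f"{name}: {code}: {REMEDIATION[code]}")
```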
