AWS Database Blog

Category: Security, Identity, & Compliance

Things to consider when choosing between Oracle TDE and AWS KMS for encryption of data at rest for Amazon RDS for Oracle

For encrypting data at rest, Amazon RDS for Oracle offers two choices: AWS KMS and Oracle TDE. Although both AWS KMS and Oracle TDE provide encryption at rest capabilities, there are various factors to consider when choosing between them, such as licensing, edition dependency, encryption granularity, and feature restrictions. In this post, we provide guidance on choosing between the AWS KMS and Oracle TDE options for encrypting data at rest in RDS for Oracle, focusing on these key aspects.

Automate Amazon RDS credential rotation with AWS Secrets Manager for primary instances with read replicas

When using Secrets Manager to manage your master user passwords, you cannot create new read replicas for your database instance. This applies to all DB engines except Amazon RDS for SQL Server, potentially impacting your organization’s ability to efficiently scale its read operations while maintaining secure credential practices. In this post, we present a solution that automates the process of rotating passwords for a primary instance with read replicas while maintaining secure credential management practices. This approach allows you to take advantage of the benefits of both read scaling and automated credential rotation.

Customer-managed process for configuring Kerberos authentication on an Amazon RDS for SQL Server DB instance, joined to a self-managed Active Directory

Many organizations rely on Windows Authentication and Kerberos for secure access to their SQL Server databases. When using Amazon RDS for SQL Server with a self-managed Active Directory, organizations can enhance their authentication beyond the default NTLM protocol to support Kerberos authentication. In this post, we show you how to manually configure and maintain Kerberos authentication for Amazon RDS for SQL Server DB instances joined to a self-managed Active Directory. We walk through the process of configuring service principal names (SPNs), adding necessary user principal name (UPN) suffixes, and automating SPN updates to handle failovers and host replacements.

Join your Amazon RDS for Db2 instances across accounts to a single shared domain

With Amazon RDS for Db2, you can seamlessly authenticate your users and groups with or without Kerberos authentication using a single AWS Microsoft AD directory that can serve multiple accounts. In this post, we use AWS Managed Microsoft AD from an AWS account to provide Microsoft AD authentication to Amazon RDS for Db2 in a different account.

Building a GDPR compliance solution with Amazon DynamoDB

In this post, AWS Service Sector Industry Solutions shares our journey in developing a feature that enables customers to efficiently locate and delete personal data upon request, helping them meet GDPR compliance requirements. The mission of the Service Sector Solutions Engineering Team is to accelerate AWS Cloud adoption across diverse industries, including Travel, Hospitality, Gaming, and Entertainment. We work with customers from Cruise Lines, Lodging, Alternative Accommodation, Travel Agencies, Airports, Airlines, Restaurants, Catering, Casinos, Lotteries, and more.

Use IAM authentication with Amazon DocumentDB (with MongoDB compatibility)

Amazon DocumentDB now supports authentication of database users with IAM: users and applications can authenticate to Amazon DocumentDB clusters using IAM users and roles instead of database-native passwords. In this post, we discuss this new feature and point you to resources on how to enable IAM authentication in your Amazon DocumentDB cluster.

Connect to an Amazon RDS or Amazon Aurora instance using a federated user with AWS IAM Identity Center and IAM database authentication

To enhance security and streamline access, you can connect to your Amazon RDS or Amazon Aurora instances as federated users, combining AWS IAM Identity Center with AWS Identity and Access Management (IAM) database authentication. This integration lets you manage database access centrally through IAM Identity Center, providing secure, centralized authentication. In this post, we share the steps to connect to an Amazon RDS for PostgreSQL or Amazon Aurora PostgreSQL-Compatible Edition instance using a federated user with IAM Identity Center and IAM database authentication.
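With IAM database authentication the "password" the federated user presents is a short-lived, SigV4-signed token rather than a stored secret. The following is an added illustration, not code from the AWS post: it rebuilds, with only the Python standard library, the token that `boto3`'s RDS client method `generate_db_auth_token` returns, so the format (a presigned `rds-db` request with the scheme stripped, valid for 15 minutes) can be inspected offline. The hostname, database user, access key and timestamp are constructed placeholders.

```python
"""Added example (not from the AWS post): construct an RDS/Aurora IAM database
authentication token with the standard library only.

The token is a SigV4 presigned GET for the `rds-db` service, minus `https://`:
  <host>:<port>/?Action=connect&DBUser=<user>&X-Amz-...&X-Amz-Signature=<hex>
The client passes it as the database password over TLS. It expires after 900
seconds, and the caller's long-lived AWS credentials never reach the database.
All names and credentials below are constructed placeholders.
"""
import datetime as dt
import hashlib
import hmac
from urllib.parse import parse_qsl, quote

EMPTY_PAYLOAD_SHA256 = hashlib.sha256(b"").hexdigest()
TOKEN_TTL_SECONDS = 900  # RDS rejects tokens older than 15 minutes

# Constructed inputs for the stand-alone demo (placeholders, not real resources).
EXAMPLE_HOST = "mydb.cluster-abc123.us-east-1.rds.amazonaws.com"
EXAMPLE_NOW = dt.datetime(2024, 1, 2, 3, 10, 30, tzinfo=dt.timezone.utc)


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """SigV4 key derivation: kSecret -> kDate -> kRegion -> kService -> kSigning."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def _uri_encode(value: str) -> str:
    # SigV4 query encoding: only unreserved characters are left as-is.
    return quote(value, safe="-_.~")


def generate_db_auth_token(hostname, port, username, region, access_key,
                           secret_key, session_token=None, now=None):
    """Return the same token string boto3's generate_db_auth_token produces."""
    now = now or dt.datetime.now(dt.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    service = "rds-db"
    scope = f"{date}/{region}/{service}/aws4_request"
    host = f"{hostname}:{port}"

    params = {
        "Action": "connect",
        "DBUser": username,
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(TOKEN_TTL_SECONDS),
        "X-Amz-SignedHeaders": "host",
    }
    if session_token:  # temporary (federated / assumed-role) credentials
        params["X-Amz-Security-Token"] = session_token

    # Canonical query string: keys sorted, both key and value URI-encoded.
    canonical_query = "&".join(
        f"{_uri_encode(k)}={_uri_encode(v)}" for k, v in sorted(params.items())
    )
    # Canonical request: method, path, query, headers (+ blank line), signed
    # headers, and the hash of the (empty) payload.
    canonical_request = "\n".join(
        ["GET", "/", canonical_query, f"host:{host}\n", "host", EMPTY_PAYLOAD_SHA256]
    )
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(_signing_key(secret_key, date, region, service),
                         string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{host}/?{canonical_query}&X-Amz-Signature={signature}"


def token_expires_at(token: str) -> dt.datetime:
    """Parse X-Amz-Date and X-Amz-Expires out of a token; anything that caches
    tokens (connection pools, Lambda containers) must refresh before this."""
    fields = dict(parse_qsl(token.split("?", 1)[1]))
    issued = dt.datetime.strptime(fields["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    issued = issued.replace(tzinfo=dt.timezone.utc)
    return issued + dt.timedelta(seconds=int(fields["X-Amz-Expires"]))


def example_token(session_token=None) -> str:
    """Deterministic token built from the constructed placeholders above."""
    return generate_db_auth_token(
        EXAMPLE_HOST, 5432, "app_reader", "us-east-1",
        "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
        session_token=session_token, now=EXAMPLE_NOW,
    )


if __name__ == "__main__":
    tok = example_token()
    print(tok)
    print("expires at", token_expires_at(tok).isoformat())
```

In practice you call `boto3.client("rds").generate_db_auth_token(DBHostname=..., Port=..., DBUsername=..., Region=...)` with the federated session's credentials and hand the result to the driver as the password, connecting with `sslmode=verify-full` and the RDS CA bundle so the token is never sent in the clear. On the database side the PostgreSQL role must have `rds_iam` granted (`GRANT rds_iam TO app_reader;`), and on the IAM side the federated principal needs `rds-db:connect` on the `dbuser` resource for that instance and user name.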

Use Amazon RDS Proxy with IAM authentication for cross-account access

This post is a follow-up to Use Amazon RDS Proxy to provide access to RDS databases across AWS accounts, addressing cross-account connectivity when using RDS Proxy. We discuss how you can achieve cross-account connectivity while taking advantage of the simplicity and benefits of IAM authentication.

Review your Amazon Aurora and Amazon RDS security configuration with Prowler’s new checks

Prowler for AWS provides hundreds of security configuration checks across services such as Amazon Redshift, Amazon ElastiCache, Amazon API Gateway, Amazon CloudFront, and many more. In this post, we focus on Prowler's new and expanded Amazon RDS and Amazon Aurora security checks, their integration with AWS Security Hub, and the benefits they offer AWS users.

Migrate logins, database roles, users, and object-level permissions from Azure SQL Database to Amazon RDS for SQL Server

In this post, we demonstrate how to migrate SQL logins, database roles, users, and object-level permissions from Azure SQL Database to Amazon Relational Database Service (Amazon RDS) for SQL Server using T-SQL. Within SQL Server, a SQL login acts as a security principal, allowing a user or application to connect to a SQL Server instance. […]