RDS Encryption

  • Encryption at rest capability with AWS KMS (Key Management Service) - [[AES-256]] encryption
  • [[SSL certificates]] to encrypt data in flight to AWS RDS
  • To enforce SSL
    • [[PostgreSQL]]: set rds.force_ssl=1 in the AWS RDS console ([[Parameter Groups]])
    • [[MySQL]]: GRANT USAGE ON *.* TO 'mysqluser'@'%' REQUIRE SSL;
  • To connect using SSL:
    • Provide the [[SSL Trust certificate]] (can be downloaded from AWS)
    • Provide [[SSL options]] when connecting to database
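
An audit of the settings above, as an added example that is not part of the original note: it reads JSON shaped like the output of `aws rds describe-db-instances` and `aws rds describe-db-parameters` and reports instances without encryption at rest or without rds.force_ssl=1. The instance names, parameter group names and sample documents are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws rds describe-db-instances` output.
INSTANCES_JSON = """
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-pg", "Engine": "postgres",
   "StorageEncrypted": true,
   "DBParameterGroups": [{"DBParameterGroupName": "pg-strict"}]},
  {"DBInstanceIdentifier": "legacy-pg", "Engine": "postgres",
   "StorageEncrypted": false,
   "DBParameterGroups": [{"DBParameterGroupName": "pg-default"}]},
  {"DBInstanceIdentifier": "shop-mysql", "Engine": "mysql",
   "StorageEncrypted": true,
   "DBParameterGroups": [{"DBParameterGroupName": "my-default"}]}
]}
"""
# Constructed: parameter group name -> `aws rds describe-db-parameters` output.
PARAMETERS = {
    "pg-strict": {"Parameters": [
        {"ParameterName": "rds.force_ssl", "ParameterValue": "1"}]},
    "pg-default": {"Parameters": [
        {"ParameterName": "rds.force_ssl", "ParameterValue": "0"}]},
    "my-default": {"Parameters": []},
}

def force_ssl_enabled(param_doc):
    """True only if the group explicitly sets rds.force_ssl to 1."""
    for p in param_doc.get("Parameters", []):
        if p.get("ParameterName") == "rds.force_ssl":
            return p.get("ParameterValue") == "1"
    return False  # parameter absent or group unknown: treat as not enforced

def audit(instances_doc, params_by_group):
    """Return (instance, issue) pairs for the at-rest and in-flight checks."""
    findings = []
    for db in instances_doc["DBInstances"]:
        name = db["DBInstanceIdentifier"]
        if not db.get("StorageEncrypted", False):
            findings.append((name, "storage not encrypted at rest"))
        if db["Engine"] == "postgres":
            groups = [g["DBParameterGroupName"]
                      for g in db.get("DBParameterGroups", [])]
            if not any(force_ssl_enabled(params_by_group.get(g, {}))
                       for g in groups):
                findings.append((name, "rds.force_ssl is not 1"))
        elif db["Engine"] == "mysql":
            # REQUIRE SSL is set per user with GRANT, so the RDS API cannot show it.
            findings.append((name, "verify REQUIRE SSL on each MySQL user"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(json.loads(INSTANCES_JSON), PARAMETERS):
        print(f"{name}: {issue}")
```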