RDS Encryption
  • RDS can encrypt your Amazon RDS database instances.
    • Data that is encrypted at rest includes the underlying storage for a DB instance, its automated backups, read replicas, and snapshots.
  • RDS encrypted DB instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your Amazon RDS DB instances.
  • After your data is encrypted, Amazon RDS handles authentication of access and decryption of your data transparently with a minimal impact on performance.
  • RDS also supports encrypting an Oracle or SQL Server DB instance with Transparent Data Encryption (TDE).
  • Snapshots of unencrypted databases are unencrypted.
  • Snapshots of encrypted databases are encrypted.
  • You can copy an unencrypted snapshot and turn it into an encrypted one.
  • To encrypt an unencrypted RDS database:
    1. Create a snapshot of the unencrypted database.
    2. Encrypt the snapshot (using copy).
    3. Restore the database from the encrypted snapshot.
    4. Migrate applications to the new database.
  • You can use SSL or TLS from your application to encrypt a connection to a DB instance.
    • Each DB engine has its own process for implementing SSL/TLS.
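
The four-step procedure for encrypting an unencrypted database, as an added example that is not part of the original notes. It assumes `rds` is a boto3 RDS client (`boto3.client("rds")`); the snapshot naming scheme, the function name and all identifiers passed in are hypothetical.

```python
"""Added example: snapshot -> encrypted copy -> restore, with a safety check."""


def encrypt_via_snapshot(rds, source_id, target_id, kms_key_id):
    """Restore an encrypted copy of instance `source_id` as `target_id`.

    `rds` is a boto3 RDS client or any object exposing the same methods.
    Instance identifiers and the KMS key id are supplied by the caller.
    """
    inst = rds.describe_db_instances(DBInstanceIdentifier=source_id)["DBInstances"][0]
    if inst["StorageEncrypted"]:
        raise ValueError(f"{source_id} is already encrypted")

    plain_snap = f"{source_id}-plain"      # assumed naming scheme
    enc_snap = f"{source_id}-encrypted"    # assumed naming scheme

    # 1. Snapshot the unencrypted database (this snapshot is unencrypted too).
    rds.create_db_snapshot(DBInstanceIdentifier=source_id,
                           DBSnapshotIdentifier=plain_snap)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=plain_snap)

    # 2. Copy the snapshot; supplying a KMS key makes the copy encrypted.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=plain_snap,
                         TargetDBSnapshotIdentifier=enc_snap,
                         KmsKeyId=kms_key_id)
    rds.get_waiter("db_snapshot_available").wait(DBSnapshotIdentifier=enc_snap)

    # Guard: never restore from a copy that did not come out encrypted.
    snap = rds.describe_db_snapshots(DBSnapshotIdentifier=enc_snap)["DBSnapshots"][0]
    if not snap["Encrypted"]:
        raise RuntimeError(f"{enc_snap} is not encrypted; aborting restore")

    # 3. Restore a new instance from the encrypted snapshot.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=target_id,
                                             DBSnapshotIdentifier=enc_snap)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=target_id)

    # 4. Migration is an application change: repoint clients at this endpoint.
    new = rds.describe_db_instances(DBInstanceIdentifier=target_id)["DBInstances"][0]
    return {"instance": target_id, "encrypted": new["StorageEncrypted"],
            "endpoint": new.get("Endpoint", {}).get("Address")}
```

The original instance and the unencrypted snapshot still exist after the function returns; they hold the same data in plaintext until they are deleted.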
