AWS Training and Certification Module 3: AWS Database Options © 2018 Amazon Web Services, Inc. or its affiliates All rights reserved. 136
You can manage access to your Amazon Relational Database Service (Amazon RDS) resources and your databases on a DB instance. The method you use to manage access depends on what type of task the user needs to perform with Amazon RDS.

• Run your DB instance in an Amazon virtual private cloud (VPC) for the greatest possible network access control.
• Use AWS Identity and Access Management (IAM) policies to assign permissions that determine who is allowed to manage RDS resources. For example, you can use AWS IAM to determine who is allowed to create, describe, modify, and delete DB instances, tag resources, or modify DB security groups.
• Use security groups to control which IP addresses or EC2 instances can connect to your databases on a DB instance. When you first create a DB instance, its firewall prevents any database access except through rules specified by an associated security group.
• Use Secure Socket Layer (SSL) connections with DB instances running the MySQL, MariaDB, PostgreSQL, or Microsoft SQL Server database engines.
• Use Amazon RDS encryption to secure your RDS DB instances and snapshots at rest. Amazon RDS encryption uses the industry standard AES-256 encryption algorithm to encrypt your data on the server that hosts your RDS DB instance.
• Use network encryption and transparent data encryption with Oracle DB instances.
• Use the security features of your DB engine to control who can log in to the databases on a DB instance, just as you would if the database was on your local network.
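The VPC, security group, and encryption-at-rest items above can be checked mechanically. The following is an added example, not part of the original training notes: it audits records shaped like the RDS `DescribeDBInstances` and EC2 `DescribeSecurityGroups` responses. The sample data, function names, and the 256-address threshold for an overly wide ingress rule are assumptions made for illustration.

```python
import ipaddress

def open_ingress(group, max_hosts=256):
    """Return CIDRs in a security group that admit more than max_hosts addresses."""
    wide = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            # max_hosts is an assumed threshold, not an AWS setting
            if ipaddress.ip_network(cidr, strict=False).num_addresses > max_hosts:
                wide.append(cidr)
    return wide

def audit_instance(db, groups_by_id):
    """Check one DB instance record against the VPC, at-rest and ingress controls."""
    findings = []
    if not db.get("DBSubnetGroup", {}).get("VpcId"):
        findings.append("not in a VPC")
    if not db.get("StorageEncrypted", False):
        findings.append("storage not encrypted at rest")
    for ref in db.get("VpcSecurityGroups", []):
        sg_id = ref["VpcSecurityGroupId"]
        for cidr in open_ingress(groups_by_id.get(sg_id, {})):
            findings.append(f"{sg_id} allows {cidr}")
    return findings

# Constructed sample input (identifiers are placeholders, not real resources)
SAMPLE_GROUPS = {
    "sg-app": {"IpPermissions": [{"FromPort": 3306, "ToPort": 3306,
                                  "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]},
    "sg-open": {"IpPermissions": [{"FromPort": 3306, "ToPort": 3306,
                                   "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
}
SAMPLE_DBS = [
    {"DBInstanceIdentifier": "orders-db", "StorageEncrypted": True,
     "DBSubnetGroup": {"VpcId": "vpc-example"},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-app"}]},
    {"DBInstanceIdentifier": "legacy-db", "StorageEncrypted": False},
    {"DBInstanceIdentifier": "reports-db", "StorageEncrypted": False,
     "DBSubnetGroup": {"VpcId": "vpc-example"},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
]

def audit_all(dbs=SAMPLE_DBS, groups=SAMPLE_GROUPS):
    """Map each DB instance identifier to its list of findings."""
    return {db["DBInstanceIdentifier"]: audit_instance(db, groups) for db in dbs}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, findings or "ok")
```

Against a live account, the same functions can be fed the `DBInstances` list from boto3's `describe_db_instances` and the `SecurityGroups` list from `describe_security_groups`, keyed by `GroupId`.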
For more information, see:

• Using Amazon RDS with Amazon Virtual Private Cloud (VPC) - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html
• Setting up an IAM user - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SettingUp.html#CHAP_SettingUp.IAM
• Using SSL with a DB instance - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
• Encrypting Amazon RDS Resources - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
• Oracle NNE - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.html#Appendix.Oracle.Options.NetworkEncryption
• Oracle TDE - http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.html#Appendix.Oracle.Options.AdvSecurity
The slide shows a simple application stack with an application running in an Amazon EC2 instance supported by a master database running in an Amazon RDS database instance. Presenting the application behind an elastic load balancer allows for compute resiliency and scaling features such as Auto Scaling and ELB groups to be adopted in the future.