From the CTO of RADSense Software

Alin Irimie

Subscribe to Alin Irimie: eMailAlertsEmail Alerts
Get Alin Irimie via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Blog Feed Post

Amazon Relational Database Service (RDS) Now Supports SSL Encrypted Connections

RDS now generates an SSL certificate for each DB Instance. If you need a certificate for an existing instance youll need to reboot it using the AWS Management Console, the RDS command-line tools, or the RDS APIs.

Here are a few interesting things things to keep in mind:

  • SSL encrypts the data transferred ‘over the wire’ between your DB Instance and your application. It does not protect data ‘at rest.’ If you want to do this, youll need to encrypt and decrypt the data on your own.
  • SSL encryption and decryption is a compute-intensive task and as such it will increase the load on your DB Instance. You should monitor your database performance using the CloudWatch metrics in the AWS Management Console (pictured at right), and scale up to a more powerful instance type if necessary.
  • The SSL support is provided for encryption purposes and should not be relied upon to authenticate the DB Instance itself.
  • You can configure your database to accept only SSL connections by using the GRANT command with the REQUIRE SSL option. You can do this on a per-user basis so you could, for example, require SSL requests only from users connecting from a non-EC2 host.

You can learn more about this new feature in the RDS Documentation on Database Instances and in the forum post.

Related posts:

Read the original blog entry...

More Stories By Alin Irimie

Alin Irimie is a software engineer - architect, designer, and developer with over 10 years experience in various languages and technologies. Currently he is Messaging Security Manager at Sunbelt Software, a security company. He is also the CTO of RADSense Software, a software consulting company. He has expertise in Microsoft technologies such as .NET Framework, ASP.NET, AJAX, SQL Server, C#, C++, Ruby On Rails, Cloud computing (Amazon and Windows Azure),and he also blogs about cloud technologies here.