Security

Authentication

• IAM roles can be used to connect to your database, however username and password can be used to connect to database, though discouraged.

At-rest encryption

• Database master and replicas can be encrypted using KMS, configured before launch.

• Read Replicas can only be encrypted if master is encrypted.

• To enable encryption on a unencrypted database, one has to take a snapshot, restore as encrypted.

In-flight encryption

• TLS-ready by default, use AWS TLS root certificate at client side.