- Newest
- Most votes
- Most comments
Hello.
I think you can ensure the minimum level of security by encrypting the communication with SSL when using an ODBC connection and by setting the RDS security group to only allow connection sources from specific sources.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
However, as introduced in the AWS blog below, I don't think it's a good idea to use public access when considering network separation.
https://aws.amazon.com/jp/blogs/database/applying-best-practices-for-securing-sensitive-data-in-amazon-rds/
A key security consideration for your sensitive data is the network isolation of the database. Network isolation makes your database accessible only on a private IP address range to only those components that require access to it. The fundamental design component that enables this security isolation is Amazon VPC. You associate a VPC with your database instance at the time that you create the database instance.
Adding: Only you can determine if something is "secure". We can recommend and give you guidance but in the end, whatever you're doing has to be within the risk parameters that you have.
Hi,
You can go a step further than SSL suggested by Riku with the VPN client: https://aws.amazon.com/vpn/client-vpn/
Then, you can keep your databased enclosed by a private VPC which you link to VPN gateway. In this way, only the clients secured / authenticated by VPN gateway can access the VPC, hence the database.
This blog post details how to implement: https://aws.amazon.com/blogs/security/authenticate-aws-client-vpn-users-with-aws-single-sign-on/
Best,
Didier
Relevant content
- Accepted Answerasked 8 months ago
- Accepted Answerasked 2 years ago
AWS OFFICIALUpdated 10 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 8 months ago
Thank you for your kind response. I understand the possibility and the security considerations. It would be greatly appreciated if you could also tell me whether using the direct connect setup and making an ODBC connection to the RDS is achievable or not. If there are any documentations for this, I would be grateful if you could share them. Thank you!
Connection using DirectConnect is possible. In that case, public access does not need to be enabled. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.Scenarios.html#USER_VPC.NotPublic