Question

I've just started working with AWS EC2 instances, and I want to migrate the MySQL DB on the EC2 to a RDS instance.

My question is about security. When I connect to my EC2 instance I use a security key (.pem) file to encrypt my connection from laptop to EC2. But when the EC2 connects to the RDS, I believe it will be using port 3306 on the RDS and be unencrypted? Is this a security risk for my web application?

If this is a security risk what is the best practice for securely connecting the EC2 to the RDS?

Thanks!


Solution

https://aws.amazon.com/rds/faqs/

Can I encrypt connections between my application and my DB Instance using SSL?

Yes, however, this option is currently only supported for the MySQL, SQL Server, and PostgreSQL engines.

Amazon RDS generates an SSL certificate for each DB Instance. Once an encrypted connection is established, data transferred between the DB Instance and your application will be encrypted during transfer. If you require your data to be encrypted while “at rest” in the database, your application must manage the encryption and decryption of data. Also note that SSL support within Amazon RDS is for encrypting the connection between your application and your DB Instance; it should not be relied on for authenticating the DB Instance itself.

http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport
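The answer above says RDS issues a certificate per DB instance and that the TLS support is for encrypting the connection, not for authenticating the instance. The client side can close that gap: verify the server certificate against the RDS CA bundle and check the hostname, and then confirm from the server that the session really is encrypted. The following Python is an added example written for this page, not code from the answer or from AWS; it assumes PyMySQL is installed, that the RDS CA bundle has been downloaded to the path used as `DEFAULT_CA_BUNDLE` (an assumed location), and uses environment variables named `RDS_HOST`, `RDS_USER`, `RDS_PASSWORD` and `RDS_DB` only as an illustrative way to pass credentials.

```python
# Added example (not from the original answer): connect from EC2 to RDS MySQL
# over TLS with server-certificate and hostname verification, then refuse to
# proceed unless the server confirms the session is encrypted.
# Assumptions: PyMySQL is installed, and the RDS CA bundle has been downloaded
# to the path in DEFAULT_CA_BUNDLE (that path is illustrative).
import ssl
from typing import Iterable, Optional, Tuple

RDS_PORT = 3306
DEFAULT_CA_BUNDLE = "/etc/ssl/certs/rds-combined-ca-bundle.pem"  # assumed path


def make_tls_context(ca_bundle_path: Optional[str] = None) -> ssl.SSLContext:
    """Build a client context that both encrypts AND authenticates the DB host.

    Encryption alone does not stop a man-in-the-middle inside the VPC; pinning
    trust to the RDS CA and checking the hostname against the endpoint does.
    With ca_bundle_path=None the OS trust store is used, which will not
    validate an RDS certificate in practice; that mode exists only so the
    context settings can be inspected offline.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,
                                     cafile=ca_bundle_path)
    ctx.check_hostname = True            # endpoint must match the cert SAN/CN
    ctx.verify_mode = ssl.CERT_REQUIRED  # unverifiable cert -> handshake fails
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def session_is_encrypted(status_rows: Iterable[Tuple[str, str]]) -> bool:
    """Interpret the rows returned by SHOW STATUS LIKE 'Ssl_cipher'.

    MySQL reports an empty Ssl_cipher when the session is plaintext, so an
    empty or missing value means TLS was not negotiated.
    """
    for name, value in status_rows:
        if name.lower() == "ssl_cipher":
            return bool(value)
    return False


def connect_rds(host: str, user: str, password: str, database: str,
                ca_bundle_path: str = DEFAULT_CA_BUNDLE):
    """Open a verified TLS connection to RDS; raise if it is not encrypted."""
    import pymysql  # imported here so the offline helpers above need no driver

    conn = pymysql.connect(host=host, port=RDS_PORT, user=user,
                           password=password, database=database,
                           ssl=make_tls_context(ca_bundle_path))
    with conn.cursor() as cur:
        cur.execute("SHOW STATUS LIKE 'Ssl_cipher'")
        rows = cur.fetchall()
    if not session_is_encrypted(rows):
        conn.close()
        raise RuntimeError("RDS session is not TLS-encrypted; refusing to use it")
    return conn


if __name__ == "__main__":
    import os
    # Only attempt a live connection when the (illustrative) variables are set.
    host = os.environ.get("RDS_HOST")
    if host:
        conn = connect_rds(host, os.environ["RDS_USER"],
                           os.environ["RDS_PASSWORD"], os.environ["RDS_DB"])
        print("connected to RDS over verified TLS")
        conn.close()
    else:
        print("set RDS_HOST, RDS_USER, RDS_PASSWORD and RDS_DB to try a connection")
```

The client-side check only protects the application that uses it; to make plaintext logins impossible for the account regardless of client, also require TLS on the server with `ALTER USER 'app'@'%' REQUIRE SSL;` (MySQL 5.7 and later), so a misconfigured client fails to authenticate instead of silently falling back to port 3306 in the clear.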

OTHER TIPS

You can set up rules in your security group to only allow connections to your RDS instance from a pre-defined list of EC2 IPs if you want (or any IPs for that matter). AWS will reject any traffic trying to get to that RDS that is not in the list.
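The tip above restricts port 3306 to a list of EC2 addresses. The following Python is an added example written for this page, not code from the tip or from AWS; it goes one step further than the tip by referencing the EC2 tier's security group as the source instead of listing instance IPs, and it audits an existing group's rules for anything that exposes MySQL more widely. It assumes boto3 is installed and AWS credentials are configured for the one live call; the group IDs and the sample rule set are constructed placeholders. The rule shape is the IpPermissions structure used by ec2:DescribeSecurityGroups and ec2:AuthorizeSecurityGroupIngress.

```python
# Added example (not from the original tip): lock the RDS security group down
# to TCP/3306 from the EC2 application tier only, and audit an existing group
# for rules that expose MySQL more widely.  Assumes boto3 is installed and AWS
# credentials are configured for the live call; IDs are placeholders.
import ipaddress
from typing import Dict, List

MYSQL_PORT = 3306


def build_mysql_ingress(source_sg_id: str) -> Dict:
    """Ingress rule: TCP/3306 only from members of the EC2 security group.

    Referencing the EC2 tier's security group instead of listing instance IPs
    keeps the rule valid when instances are replaced or their private IPs
    change on stop/start.
    """
    return {
        "IpProtocol": "tcp",
        "FromPort": MYSQL_PORT,
        "ToPort": MYSQL_PORT,
        "UserIdGroupPairs": [{"GroupId": source_sg_id,
                              "Description": "MySQL from EC2 app tier"}],
    }


def _covers_mysql(perm: Dict) -> bool:
    # IpProtocol "-1" means all traffic; otherwise check the TCP port range.
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= MYSQL_PORT <= perm.get("ToPort", 0)


def mysql_exposure_findings(ip_permissions: List[Dict]) -> List[str]:
    """Return one finding per CIDR rule that lets more than one host reach 3306.

    A prefix length of 0 (0.0.0.0/0 or ::/0) is open to the internet; any
    other multi-address range is reported so it can be checked against the
    intended EC2 list.  Security-group references are treated as acceptable.
    """
    findings = []
    for perm in ip_permissions:
        if not _covers_mysql(perm):
            continue
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(f"MySQL open to the internet via {cidr}")
            elif net.num_addresses > 1:
                findings.append(f"MySQL reachable from whole range {cidr}; "
                                "confirm it is only the EC2 tier")
    return findings


def apply_mysql_ingress(rds_sg_id: str, ec2_sg_id: str, region: str) -> None:
    """Live call: add the restrictive rule to the RDS security group."""
    import boto3  # imported here so the audit helpers run without boto3

    ec2 = boto3.client("ec2", region_name=region)
    ec2.authorize_security_group_ingress(
        GroupId=rds_sg_id,
        IpPermissions=[build_mysql_ingress(ec2_sg_id)],
    )


# Constructed sample of what describe_security_groups returns for a group that
# was opened too widely during setup (not real output).
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "10.0.1.25/32"}]},
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    for finding in mysql_exposure_findings(SAMPLE_PERMISSIONS):
        print("FINDING:", finding)
```

Run against the constructed sample, only the `0.0.0.0/0` rule on 3306 is reported: the single-host `/32`, the security-group reference, and the unrelated port 22 rule are not. Note that a security group only filters who can reach the port; it does nothing about what crosses the wire, so it complements TLS rather than replacing it.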

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow