DB Sercurity (RDS, Redshift, Aurora)

• infrastructure resources (IAM) (At rest)
• database level (set up permisstion for database's user) (at rest)
• record level (encrypt to protect data at rest (KMS...), use SSL/HTTPS to protect data in transit )
• network level (Use VPC, security group (for database deploy with EC2)) (At rest)

RDS

• RDS runs on virtual machines
• cannot log in to these operating systems
• RDS is not serverless, however Aurora is Serverless
• Online Transaction Processing (OLTP) (OLAP Online Analytics Processing - Redshift)
• once rds instance is encrypted (use KMS - Amazon Key Management Service or TDE - Transparent Data Encryption), automated backups, read replicas, snapshots is also encrypted
• DB parameter groups: act as a container for engine configuration, can apply to one or more DB instances (can change db parameter groups of instance but reboot is required)
• DB option groups: act as a container for engine features
• RPO - Recovery Point Objective the maximum period of data loss that is acceptable in the event of failure
• RTO - Recovery Time Objective the maximum amount of downtime that is permitted to recover from backup and to resume processing
• License Included: Oracle Standard One, SQL Server Express, SQL Server Web
• Bring You Own License: Oracle all edition (standard one, standard, enterprise), SQL Server Standard, SQL Server Enterprise
• by default, security group of RDS enables port when created

Back ups

• automated backups
  • enabled by default
  • backup data is stored in S3 and storage space is free
  • is deleted after delete the original RDS instance