Security
Does Amazon Aurora run in Amazon Virtual Private Cloud (Amazon VPC)?
Yes, Aurora DB instances can be created in a VPC
For streamlined setup, you can create an Aurora serverless instance without a VPC using express configuration.
Does Amazon Aurora support dynamic data masking?
Yes. Amazon Aurora PostgreSQL supports native dynamic data masking though the pg_columnmask extension. Dynamic data masking lets you obscure sensitive column values at query time — such as personally identifiable information (PII), payment data, and health records — without altering the data stored on disk, helping you meet regulatory requirements like GDPR, HIPAA, and PCI DSS.
Does Amazon Aurora support encryption?
Yes. Amazon Aurora uses SSL (AES-256) to secure connections between the database instance and your application. You can encrypt databases at rest using keys you manage through AWS Key Management Service (AWS KMS)
When encryption is enabled, data stored at rest in the underlying storage is encrypted, along with automated backups, snapshots, and replicas in the same cluster. Encryption and decryption are handled seamlessly. For more information, see the Amazon RDS User's Guide.
Note: Encrypting an existing unencrypted Aurora instance is not currently supported. To encrypt an existing database, create a new encrypted DB instance and migrate your data into it.
How do I connect to my Aurora database securely?
Aurora databases must be accessed through the database port entered on database creation. This provides an additional layer of security for your data. Step-by-step instructions on how to connect to your Amazon Aurora database are provided in the Amazon Aurora Connectivity Guide
Is Amazon Aurora HIPAA eligible?
Yes, both the MySQL- and PostgreSQL-compatible editions of Aurora are HIPAA eligible
How does Amazon Aurora integrate with Amazon GuardDuty?
Aurora is integrated with Amazon GuardDuty
Where can I find Aurora security updates?
You can find a current list of CVEs at Amazon Aurora Security Updates