Nowadays everything is getting digitalized and migration toward the cloud is at its peak. There is a high chance of data leaks if we don't tighten the security of our database servers. It is mandatory to secure the database by restricting access to it, and even after access has been restricted, we need to monitor user activity to prevent unwanted usage of data.
Security will be split into three layers:
- Network-level security.
- OS level security.
- Database level security.
OS-level security is handled by the AWS team, since the OS is managed by AWS. All security patching, minor OS version upgrades, and kernel tuning are governed by the AWS infra team.
Network-level security and database-level security are owned by the end user.
Network-level security:
When looking at network-level security, the VPC (Virtual Private Cloud) comes into the picture.
VPC (Virtual Private Cloud):
A VPC is used to apply IP-level restrictions to the instance. We define the IP range for the VPC, and the VPC is isolated and dedicated to the AWS account. By default, AWS creates an instance in the default VPC, but that VPC has both private and public subnet groups. We can create our own VPC and configure the instance to use it.
We can also have different VPCs for staging and production, so that each environment has an isolated network.
Under the VPC, we need to take care of the subnet and the security group.
Subnet:
The VPC's IP range will be vast, and we won't use all of it. Instead, we can organize the range: use different sub-ranges for different projects so that each project is isolated to its own range, which is more secure. We should also make sure we use a private subnet instead of a public one, to avoid public access to the DB. The IP of a newly created instance is allocated from its subnet.
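To make the two subnet rules above concrete (keep project ranges separate inside the VPC range, and keep the DB subnet private), here is an added Python example that is not part of the original post. It checks a planned set of subnets against the VPC CIDR and decides whether a subnet is private from its route table, using the field names that `aws ec2 describe-route-tables` returns (`Routes`, `DestinationCidrBlock`, `GatewayId`, `NatGatewayId`). The VPC range, subnet names, CIDRs and route-table ids are constructed for the example.

```python
import ipaddress

# Constructed sample: a VPC range and a planned set of subnets. The names and
# CIDRs are hypothetical, not taken from the original post.
VPC_CIDR = "10.20.0.0/16"
PLANNED_SUBNETS = [
    {"Name": "project-a-db-private", "CidrBlock": "10.20.1.0/24"},
    {"Name": "project-b-db-private", "CidrBlock": "10.20.2.0/24"},
    {"Name": "project-a-app-private", "CidrBlock": "10.20.1.128/25"},  # overlaps project-a-db
    {"Name": "legacy-db", "CidrBlock": "192.168.5.0/24"},               # outside the VPC
]

# Constructed route tables in the shape returned by `ec2 describe-route-tables`.
PRIVATE_ROUTE_TABLE = {
    "RouteTableId": "rtb-private-example",
    "Routes": [
        {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
    ],
}
PUBLIC_ROUTE_TABLE = {
    "RouteTableId": "rtb-public-example",
    "Routes": [
        {"DestinationCidrBlock": "10.20.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
    ],
}


def subnet_is_private(route_table):
    """A subnet is private when the route table it uses has no default route
    (0.0.0.0/0 or ::/0) pointing at an internet gateway (igw-...).
    A default route via a NAT gateway still counts as private: the instance
    can reach out, but nothing on the internet can initiate a connection to it."""
    for route in route_table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if dest in ("0.0.0.0/0", "::/0") and route.get("GatewayId", "").startswith("igw-"):
            return False
    return True


def check_subnet_plan(vpc_cidr, subnets):
    """Return a list of problems: subnets outside the VPC range and subnets
    whose ranges overlap each other. AWS rejects both, but catching them in
    a plan review is cheaper than a failed create-subnet call."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(s["Name"], ipaddress.ip_network(s["CidrBlock"])) for s in subnets]
    problems = []
    for name, net in nets:
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name} ({net}) is outside the VPC range {vpc}")
    for i, (a_name, a) in enumerate(nets):
        for b_name, b in nets[i + 1:]:
            if a.version == b.version and a.overlaps(b):
                problems.append(f"{a_name} ({a}) overlaps {b_name} ({b})")
    return problems


def review_plan():
    """Run both checks over the constructed sample and return the results."""
    return {
        "plan_problems": check_subnet_plan(VPC_CIDR, PLANNED_SUBNETS),
        "private_rt_is_private": subnet_is_private(PRIVATE_ROUTE_TABLE),
        "public_rt_is_private": subnet_is_private(PUBLIC_ROUTE_TABLE),
    }


if __name__ == "__main__":
    for key, value in review_plan().items():
        print(key, value)
```

The route-table test is the one that actually decides "private": a subnet is not private because of its name or its address range, only because no default route leads to an internet gateway. When the real data is pulled from `describe-route-tables`, pass each subnet's associated table to `subnet_is_private` before placing a DB in it.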
Security group:
The security group is like a firewall: it controls the incoming and outgoing traffic of the instance. Instead of allowing all IPs and ports access to the database, we can restrict connectivity using the security group. As a standard and secure process, it is always suggested to whitelist only the required port and IP instead of allowing all IPs. If an application is running in a box, we should whitelist only the application host's IP with port 3306 (the MySQL port) instead of all ports and IPs.
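The following Python example is added here and is not code from the original post. It shows the weak setting beside the corrected one: an audit function that walks a security group's ingress rules in the shape returned by `ec2 describe-security-groups` (`IpPermissions`, `IpProtocol`, `FromPort`, `ToPort`, `IpRanges`) and flags any rule that reaches port 3306 from more than a single host or opens every port, plus a helper that builds the single-host rule the post recommends in the form `authorize_security_group_ingress` accepts. The group ids and addresses are constructed placeholders.

```python
import ipaddress

MYSQL_PORT = 3306


def permission_covers_port(perm, port=MYSQL_PORT):
    """True if one IpPermissions entry admits TCP traffic on `port`.
    IpProtocol "-1" means every protocol and port (no FromPort/ToPort keys)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def broad_sources(perm):
    """CIDR sources in an entry that are wider than a single host (/32 or /128)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    broad = []
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.prefixlen != net.max_prefixlen:
            broad.append(cidr)
    return broad


def audit_db_security_group(sg, port=MYSQL_PORT):
    """Findings for ingress entries that reach the DB port from more than one
    host, or that open every port. An empty list means the group only
    whitelists single hosts on the DB port."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        if not permission_covers_port(perm, port):
            continue
        if perm.get("IpProtocol") == "-1":
            findings.append(f"{sg['GroupId']}: all protocols and ports are open")
        for cidr in broad_sources(perm):
            findings.append(f"{sg['GroupId']}: port {port} reachable from {cidr}")
    return findings


def mysql_ingress_rule(app_host_ip, description="application host"):
    """The IpPermissions entry for
    ec2.authorize_security_group_ingress(GroupId=..., IpPermissions=[...])
    that admits exactly one IPv4 host on the MySQL port."""
    host = ipaddress.IPv4Address(app_host_ip)  # raises on IPv6 or bad input
    return {
        "IpProtocol": "tcp",
        "FromPort": MYSQL_PORT,
        "ToPort": MYSQL_PORT,
        "IpRanges": [{"CidrIp": f"{host}/32", "Description": description}],
    }


# Constructed sample groups (ids and addresses are placeholders).
WEAK_SG = {
    "GroupId": "sg-weak-example",
    "IpPermissions": [
        # "allow everything": the setting the post warns against
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        # right port, but a whole /16 instead of one host
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
        # not the DB port, so not reported by this MySQL-focused audit
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}
HARDENED_SG = {
    "GroupId": "sg-hardened-example",
    "IpPermissions": [mysql_ingress_rule("10.20.1.25")],
}

if __name__ == "__main__":
    for sg in (WEAK_SG, HARDENED_SG):
        print(sg["GroupId"], audit_db_security_group(sg) or "OK")
```

Feeding the output of `describe_security_groups` into `audit_db_security_group` gives a quick periodic check that nobody has widened the DB group since it was created. If the application hosts change IP often, a rule whose source is the application's own security group (a `UserIdGroupPairs` entry instead of an `IpRanges` CIDR) achieves the same single-source restriction without maintaining host addresses; the audit above only inspects CIDR sources.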
Network Security Flow:
In the upcoming blog, we will discuss database-level security and how to monitor user activity inside the database.