Encrypting data at rest is a security best practice. RDS instances must also be encrypted. If you have an existing unencrypted RDS instance, this article will guide you on how you can migrate it to an encrypted one.
Exposing AWS RDS database instances to the internet is generally a bad security practice since it contains data meant to be consumed by specific instances only. If that is the case for you as well, follow this article to see how you can restrict access to your RDS Instances.
Public AWS RDS database snapshots are accessible to any AWS user. If you have created a public RDS snapshot that may contain sensitive or private information and would like to change it to a private snapshot, follow this step-by-step guide.
The AWS RDS service, by default, does not enable transport layer security, allowing clients to connect insecurely if they want to. This article shows how SREs, DevOps, and RDS administrators can lower the risk that this default configuration poses.
The AWS RDS service, by default, does not enable secure transport layer security, allowing clients to connect insecurely if they want to. This is a blogpost to look at its discovery, why this is a problem and what you can possibly do to mitigate it.
