
Encrypting Amazon RDS Resources - makmanalp
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
======
chrisfarms
This is encrypting the disk that the RDS instance is using to store the data,
right? And Amazon are holding the decryption key.

What exactly is this protecting against? (Genuine question not rhetoric).

Without encryption, I guess someone with physical access to an Amazon data
center could pull a drive somewhere and grab the data.

With encryption, that same person would also have to get hold of the key as
well, but nothing seems to be said about the key storage being in some
separate super secure location, so could that same malicious employee with
physical access not also go on a key hunt and end up getting access anyway? So
it's just another "layer" of protection not totally impossible.

.... or am I missing something crazy obvious where an unencrypted RDS disk is
accessible by some other means? Maybe via the nature of disks being reused
without proper cleaning or similar?

~~~
higherpurpose
I wonder if it has anything to do with the fact that the CIA is now an Amazon
customer. Hopefully they don't also become Amazon's _employees_.

~~~
woodhull
The NSA almost certainly has staff posing as Amazon Web Services employees.
They would be negligent _not_ to have infiltrated the company.

------
adwf
Great news, I might finally be able to use RDS now. I'm always impressed that
the AWS team seem to be on the ball with improvements - whenever I think "I
could really do with X feature", they come out with it a few months later.

Having said that, the limitations at the bottom are a little arduous if you're
already on RDS. Can't encrypt an existing unencrypted database. So you'd think
to take a backup and restore to a new encrypted DB, but you can't do that
either. Nor can you stream from an unencrypted master to an encrypted replica,
freeze and swap over. Bit of a pain there!

------
brechmos
It looks great but it appears the smallest encrypted RDS is medium. I would
love to see it for the micro or small instances (my level :-) ).

------
nahname
Encrypting backups makes a lot of sense. Is encrypting an active db a
requirement in some enterprise environments?

~~~
ceejayoz
PCI compliance requires that, IIRC.

~~~
michaelmior
Been a while since I've had to deal with PCI, but I don't think encryption is
required.

~~~
Spooky23
It is now. From
[https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pd...](https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf)

PCI Requirement 3.4:

Render PAN unreadable anywhere it is stored (including on portable digital
media, backup media, and in logs) by using any of the following approaches:

- One-way hashes based on strong cryptography, (hash must be of the entire
PAN)

- Truncation (hashing cannot be used to replace the truncated segment of PAN)

- Index tokens and pads (pads must be securely stored)

- Strong cryptography with associated key-management processes and
procedures.

PCI Requirement 3.5

Document and implement procedures to protect keys used to secure stored
cardholder data against disclosure and misuse.

~~~
michaelmior
Perhaps this is new in v3 since I was working under v2 at the time. It
certainly makes sense that the card number must be stored encrypted.

