Frequently Asked Questions

Amazon RDS Security & Encryption

What security features does Amazon RDS provide for protecting my databases?

Amazon RDS secures databases by running them within a Virtual Private Cloud (VPC), allowing you to control network access using Security Groups and Network Access Lists. You can further secure connections from on-premises environments using AWS Direct Connect or VPN. During database creation, you assign a master user with full admin rights, but it's recommended to use these privileges only for defining other users and granting access. You can also choose whether your database is publicly accessible or private, with restrictive security groups recommended for public instances. Note: You cannot access the underlying operating system of the RDS host, which limits some advanced configuration options.

How does Amazon RDS handle encryption for data in transit and at rest?

Amazon RDS supports encryption for data both in transit and at rest. For data in transit, SSL is supported by all six RDS database engines, with Amazon providing a certificate for secure connections. For data at rest, encryption is managed by AWS Key Management Service (KMS) and applies to instance storage, read replicas, automated backups, and snapshots. Encryption must be enabled during provisioning, and each database receives a unique key from KMS. Note: You cannot change the encryption key of an already encrypted RDS instance directly; you must use the copy snapshot process to apply a new key.

What are the limitations of Amazon RDS regarding OS access and storage?

With Amazon RDS, you do not have access to the underlying operating system of the database host. This means you cannot make configuration changes unless they are exposed via the RDS console or API. Additionally, RDS has storage limits: SQL Server supports up to 4TB, MySQL/PostgreSQL/MariaDB/Oracle up to 6TB, and Aurora up to 64TB. Expanding beyond these limits requires sharding, archiving, or deleting data.

How can I change the encryption key for an existing Amazon RDS instance?

You cannot directly change the encryption key of an already encrypted Amazon RDS instance. To update the encryption key, you must create a snapshot of the existing instance, copy the snapshot with the new key, and then restore it to a new encrypted instance. This process is detailed in AWS documentation and video guides.

N2WS Backup & Recovery for Amazon RDS

How does N2WS help automate backups for Amazon RDS instances?

N2WS Backup & Recovery is a native cloud backup, recovery, and disaster recovery solution for AWS, including RDS databases. It automates backups using AWS EBS and RDS snapshots, directly connecting to your AWS infrastructure. This allows teams to schedule backups as often as needed and recover data quickly. Note: N2WS does not provide direct access to the underlying RDS host or database engine configuration; it operates at the snapshot and backup management layer.
Source: Original Webpage, https://n2ws.com/product

What are the key features of N2WS for backup and disaster recovery?

N2WS offers automated backup and recovery for AWS (including RDS), Azure, and hybrid environments. Key features include near-instant recovery, immutable backups, cost optimization through intelligent storage tiering (saving up to 92% on long-term backup costs), compliance reporting, and a unified console for multi-cloud management. Note: N2WS is best suited for organizations needing automated, policy-driven backup and recovery; it does not provide direct database engine management.
Source: https://n2ws.com/product

How does N2WS address compliance and security for backups?

N2WS is ISO/IEC 27001:2022 certified and SOC compliant by inheritance (leveraging AWS and Azure compliance). It supports regulatory frameworks such as HIPAA, GDPR, FedRAMP, ITAR, and CJIS. Security features include immutable, air-gapped backups, end-to-end encryption (TLS/HTTPS), and multi-factor authentication. Automated compliance reporting and audit-ready reports are available to simplify regulatory adherence. Note: For a copy of the ISO certificate, contact customer.success@n2ws.com.
Source: https://n2ws.com/about/trust-center

Features & Capabilities

What integrations does N2WS offer for automation and monitoring?

N2WS provides a RESTful API for custom integrations and automation of tasks such as user onboarding and backup management. CLI access is available for advanced workflow automation. N2WS integrates with third-party monitoring tools like Datadog, Splunk, and Bocada, as well as various data management and reporting tools. The API is described in the N2WS RESTful API documentation. Note: Some integrations may require additional configuration or licensing.
Source: https://n2ws.com/pricing

What technical documentation is available for N2WS users?

N2WS provides comprehensive technical documentation, including a user guide, release notes, RESTful API documentation, upgrade guides, and IAM permission files for AWS and Azure. These resources cover deployment, configuration, management, and integration best practices. Access the user guide at docs.n2ws.com/user-guide; the API is covered in the N2WS RESTful API documentation.
Source: https://docs.n2ws.com/user-guide

Use Cases & Benefits

Who can benefit from using N2WS for backup and disaster recovery?

N2WS is designed for cloud directors, IT managers, and managed service providers (MSPs) managing AWS and Azure environments. It is suitable for enterprises with petabyte-scale data, public sector entities requiring compliance (e.g., FedRAMP), healthcare and finance organizations with strict regulatory needs, and industries like retail, education, and nonprofits seeking cost-effective, scalable backup solutions. Note: Organizations requiring direct database engine access or on-premises-only solutions may need to consider alternatives.
Source: https://n2ws.com/product

What business impact can customers expect from using N2WS?

Customers can expect up to 92% savings on long-term backup costs through intelligent storage tiering, up to 50% lower compute costs via resource control, improved data protection with immutable backups, near-instant recovery to minimize downtime, and simplified compliance with automated reporting. N2WS supports petabyte-scale data management and unified backup management across AWS and Azure. Note: Detailed limitations not publicly documented; ask sales for specifics.
Source: https://n2ws.com/product

Competition & Comparison

How does N2WS compare to AWS Backup for RDS and cloud workloads?

N2WS offers several features not available in AWS Backup, including immutable (air-gapped) backups, cross-cloud recovery (AWS and Azure), file/folder-level recovery, custom disaster recovery retention policies, and multi-tenancy for MSPs. N2WS also provides a RESTful API for automation, while AWS Backup requires Lambda scripting. However, AWS Backup may be preferable for organizations seeking a basic, AWS-native solution without advanced features or multi-cloud support. Note: N2WS does not provide direct database engine management; AWS Backup is limited to AWS environments and lacks granular restore and multi-tenancy.
Source: https://n2ws.com/product/aws-backup

Support & Implementation

How long does it take to implement N2WS and how easy is it to get started?

N2WS implementations can be completed in as little as two weeks, supported by dedicated Customer Success Managers, onboarding calls, and detailed documentation. Deployment options include Amazon Machine Image (AMI) from AWS Marketplace or CloudFormation templates. A 30-day free trial is available without a credit card. Note: Implementation time may vary based on environment complexity.
Source: https://n2ws.com/support

Customer Success & Case Studies

Can you share examples of organizations using N2WS for backup and disaster recovery?

Organizations such as Skechers, St. John's University, DB Systel (Deutsche Bahn), City of Oakland, Bahrain Ministry, and Gett have used N2WS to streamline costs, improve backup reliability, automate recovery, and achieve compliance. For example, Skechers standardized backup and recovery across a multi-cloud estate, and Gett saved 50% on cloud costs using N2WS Resource Control. Read more at N2WS case studies. Note: Results may vary by organization and use case.
Source: https://n2ws.com/solutions/case-studies

Must-Know Features of Amazon RDS: Security & Encryption

Part 1 of a 3-part series in which we take you through the must-know features of AWS Relational Database Service (RDS), starting with how to best protect your data and your business with Amazon's diverse security and encryption features.

Flexible, precise, and secure relational databases have been a part of most business IT infrastructures for a while now. Today, with the vast amount of information circling around the digital world, the demand for databases is larger than ever, but so are the offerings.

In this three-part article, we will focus on the AWS Relational Database Service (RDS) offered by Amazon since 2009. We also take a look at some of its most important features, focusing on the information you should know before you begin using it. In part one, we start with security. We’ll explain how to best protect your data and your business in the process.

AWS Relational Database Service Overview

RDS offers a quick and easy way to provision databases in the Amazon cloud with just a few clicks. Since RDS is a managed service, all the infrastructure management is taken care of for you; scaling up or down is fairly simple, with six different database engines to choose from. If you prefer an open-source database, you can pick MySQL, MariaDB, or PostgreSQL. On the other hand, if your business requirements dictate the use of a commercial database, you can opt for either Oracle or Microsoft SQL Server. You can also use Amazon Aurora, which offers both simplicity and reliability, while providing high throughput compared to other options. Aurora is also fully compatible with MySQL and PostgreSQL, allowing your existing applications to work as usual without any modification.


Of course, as with any other managed service, there are trade-offs to consider, so you need to understand the limitations of RDS, as well. For example, one of the biggest downsides is the inability to access the operating system on the host where the database is located. This prevents you from making changes to the database configuration, unless they are already exposed by RDS via console or API. Also keep in mind storage limits, as growing your database past the maximum size (SQL 4TB, MySQL/PostgreSQL/MariaDB/Oracle 6TB, Aurora 64TB) is not a simple task, and requires either sharding (horizontal partitioning of the data), archiving, or simply deleting data.

RDS Security

When you evaluate IT infrastructure from a business standpoint, security is always your number one priority. When it comes to AWS, databases are run on instances within a VPC, so your network is the first layer of defense. If you are connecting to AWS from an on-premises data center, make sure you are using Direct Connect (a private dedicated connection between you and AWS) or a VPN. Utilizing Security Groups and Network Access Lists is also a must, no matter where you are connecting from. This ensures that only the IP addresses and ports you are using are allowed, and no one else can access your data.

During the creation of the database, you will assign a master user who will have full administration rights, but only use them to define other database users and grant them access. You also can choose whether your database will be publicly accessible or not. While keeping your database private (without a public IP) is better, unless you have a private connection to AWS or you connect only from within your cloud infrastructure, you will have to make the database public. In this case, use a restrictive security group for extra protection.

Encryption

Securing access to your database is of great importance, but so is the protection of the data itself. RDS allows you to protect your data by using encryption, both in transit and at rest. For encryption in transit, SSL is supported by all six database engines. RDS will create a certificate and install it on an instance when it is provisioned. You can download the public key from Amazon and use it to encrypt your connection in order to secure the traffic between you and the database on AWS.

Encryption at rest is also supported by every database engine run by RDS and is applied not only to the instance storage, but also to read replicas, automated backups, and snapshots. Encryption at rest is handled by AWS Key Management Service (KMS) and is enabled during the provisioning of the database. When the instance is up and running, it will request a data key (each database will have its own unique key) from KMS and will use it to encrypt the data. Encryption is also important when it comes to compliance, so make sure you enable it when setting up your database.
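The two checks this section and the RDS Security section recommend (a restrictive security group on any publicly accessible instance, and encryption at rest enabled) can be audited together. The following is an added example, not code from the original article; the instance and security group data are constructed samples that use the field names of the boto3 `describe_db_instances` and `describe_security_groups` responses, and "restrictive" is assumed here to mean "not open to 0.0.0.0/0 or ::/0".

```python
import ipaddress

# Constructed samples shaped like boto3's rds.describe_db_instances() and
# ec2.describe_security_groups() output (all identifiers are made up).
INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "PubliclyAccessible": True,
     "StorageEncrypted": False, "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
    {"DBInstanceIdentifier": "billing-db", "PubliclyAccessible": True,
     "StorageEncrypted": True, "Endpoint": {"Port": 5432},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-office"}]},
    {"DBInstanceIdentifier": "internal-db", "PubliclyAccessible": False,
     "StorageEncrypted": True, "Endpoint": {"Port": 3306},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-open"}]},
]
GROUPS = {  # security group id -> its IpPermissions (ingress rules)
    "sg-open": [{"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}],
    "sg-office": [{"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
                   "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}],
}

def covers_port(rule, port):
    """True if the ingress rule applies to the database's TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def world_open(rule):
    """CIDRs in the rule that admit any address (0.0.0.0/0 or ::/0)."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c).prefixlen == 0]

def audit(instances, groups):
    """Map instance id -> findings; instances with no findings are omitted."""
    report = {}
    for db in instances:
        found = [] if db["StorageEncrypted"] else ["storage not encrypted at rest"]
        if db["PubliclyAccessible"]:
            port = db["Endpoint"]["Port"]
            for sg in (g["VpcSecurityGroupId"] for g in db["VpcSecurityGroups"]):
                for rule in filter(lambda r: covers_port(r, port), groups[sg]):
                    found += [f"public, port {port} open to {c} via {sg}"
                              for c in world_open(rule)]
        if found:
            report[db["DBInstanceIdentifier"]] = found
    return report
```

Only `orders-db` is reported: `billing-db` is public but limited to one address range, and `internal-db` shares the open group but has no public address.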

Changing your RDS Encryption Key

Keep in mind, you can update your RDS encryption key by using a workaround utilizing your snapshots. The process to clone an existing encrypted Amazon RDS DB instance to a new encrypted RDS DB instance with a different encryption key is fairly simple. Note that you will not be able to change the existing encryption key of an already encrypted RDS DB instance. You must use the copy snapshot process to change the encryption key and then restore the snapshot to a new encrypted instance with the new key. The steps to accomplish this are detailed in this video here.
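The snapshot, copy, restore sequence described above can be scripted. This is an added example, not code from the original article or the referenced video; it assumes `rds` is a boto3 RDS client (`boto3.client("rds")`), and the function name and snapshot naming scheme are illustrative.

```python
import time

def rekey_instance(rds, source_id, new_id, new_key_arn, stamp=None):
    """Clone encrypted instance `source_id` into `new_id` under `new_key_arn`.

    Pass the full KMS key ARN: describe_db_instances reports KmsKeyId as an
    ARN, and the final verification compares against it.
    """
    stamp = stamp or time.strftime("%Y%m%d%H%M%S")
    src = rds.describe_db_instances(DBInstanceIdentifier=source_id)["DBInstances"][0]
    if src.get("KmsKeyId") == new_key_arn:
        raise ValueError(f"{source_id} already uses {new_key_arn}")

    snap = f"{source_id}-rekey-{stamp}"      # snapshot under the old key
    copy = f"{source_id}-rekeyed-{stamp}"    # copy under the new key
    snap_ready = rds.get_waiter("db_snapshot_available")

    # 1. Snapshot the existing instance (still encrypted with the old key).
    rds.create_db_snapshot(DBInstanceIdentifier=source_id, DBSnapshotIdentifier=snap)
    snap_ready.wait(DBSnapshotIdentifier=snap)

    # 2. Copy the snapshot; the copy is encrypted under the new key.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=snap,
                         TargetDBSnapshotIdentifier=copy, KmsKeyId=new_key_arn)
    snap_ready.wait(DBSnapshotIdentifier=copy)

    # 3. Restore the copy to a new instance. If no security groups are passed,
    #    the restore attaches the VPC's default group, so carry the source's
    #    network settings over explicitly.
    rds.restore_db_instance_from_db_snapshot(
        DBInstanceIdentifier=new_id, DBSnapshotIdentifier=copy,
        DBSubnetGroupName=src["DBSubnetGroup"]["DBSubnetGroupName"],
        VpcSecurityGroupIds=[g["VpcSecurityGroupId"] for g in src["VpcSecurityGroups"]],
        PubliclyAccessible=src["PubliclyAccessible"])
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=new_id)

    # 4. Verify the new instance really is encrypted under the new key.
    new = rds.describe_db_instances(DBInstanceIdentifier=new_id)["DBInstances"][0]
    if not new["StorageEncrypted"] or new["KmsKeyId"] != new_key_arn:
        raise RuntimeError(f"{new_id} is not encrypted with {new_key_arn}")
    return {"source_snapshot": snap, "rekeyed_snapshot": copy, "instance": new_id}
```

The original instance and both snapshots are left in place; remove them only after applications have been repointed to the new endpoint and the old key is no longer needed for recovery.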

Backing up your RDS instances with N2WS Backup and Recovery

N2WS Backup & Recovery makes it very easy to automate backups of your RDS instances. N2WS is a native cloud backup, recovery and disaster recovery solution for Amazon EC2 instances, EBS volumes, RDS databases and Redshift Clusters. It utilizes AWS EBS and RDS snapshots, directly connecting to users’ AWS infrastructure to perform automated backups. To learn more about N2WS and how to give your team the ability to back up data as often as needed and recover it far more quickly, you can try our 30-day free trial.

Final Note

The ability to quickly provision fully-managed databases will benefit most businesses. For Ops, it means no infrastructure maintenance, and for Dev less dependence on others as they can create everything they need with minimum AWS experience. With multiple database engines on offer, both commercial and open-source, but with high-end features to keep your data protected, RDS is a diverse service and an easy choice for AWS customers.

In part two of this article, we will continue our features overview and take a closer look at RDS monitoring.
