We are using the configuration that is recommended by AWS as the default database encryption approach. All data is also encrypted in transit (HTTPS).
We are using the configuration recommended by AWS as the default database encryption approach.
In our setup, we use Amazon RDS with Amazon EBS encryption and key management provided by AWS KMS.
This approach uses the Amazon RDS service, where AWS manages the operating system and database engine. We can configure this service to be a highly scalable resource spanning multiple Availability Zones within an AWS Region to provide resiliency.
AWS KMS manages the keys that are used to encrypt the attached Amazon EBS volumes at rest.
All our servers are isolated inside our Virtual Private Cloud (VPC), and it’s only accessible through a VPN connection.
All data is also encrypted in transit (HTTPS).