Encrypting MySQL RDS Connection | AWS Certified Developer - Associate

How to Encrypt Connection to MySQL RDS Instance

Prev Question Next Question

Question

Your team is working on an application that will connect to a MySQL RDS Instance.The security mandate is that the connection to the database from the application should be encrypted.

How can you accomplish this?

Answers

A. By using Access Keys assigned to an IAM user

B. By using Private Key pairs

C. By using SSL

D. By using KMS Keys.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - C.

The AWS Documentation mentions the following.

Option A is incorrect since this is used for programmatic access for a user.

Option B is incorrect since this is used for connection to an EC2 Instance.

Option D is incorrect since it is normally used for encrypting data at rest or before data is sent in transit.

For more information on using RDS with SSL, please refer to the below URL-

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html

Using SSL to Encrypt a Connection to a DB Instance

You can use SSL from your application to encrypt a connection to a DB instance running MySQL, MariaDB, SQL Server, Oracle, or
PostgreSQL. Each DB engine has its own process for implementing SSL. To learn how to implement SSL for your DB instance, use
the link following that corresponds to your DB engine:

¢ Using SSL with a MariaDB DB Instance

* Using SSL with a Microsoft SQL Server DB Instance
¢ Using SSL with a MySQL DB Instance

¢ Using SSL with an Oracle DB Instance

* Using SSL with a PostgreSQL DB Instance

The correct answer to the question is C. By using SSL.

SSL (Secure Sockets Layer) is a protocol used to encrypt data in transit between a client and a server. When using SSL, the connection between the client and server is secured by encrypting the data that is being transmitted. This helps to protect against unauthorized access and data breaches.

To enable SSL for a MySQL RDS instance, you can configure the instance to use SSL by following these steps:

Create an SSL certificate - Amazon RDS provides an SSL certificate that you can use to enable SSL for your MySQL RDS instance. Alternatively, you can use your own SSL certificate.
Configure the MySQL RDS instance - You can configure the MySQL RDS instance to use SSL by modifying the instance's parameter group. You will need to set the value of the 'ssl' parameter to '1', and then provide the SSL certificate details.
Configure the client - Once the MySQL RDS instance has been configured to use SSL, you will need to configure the client to use SSL as well. This will typically involve updating the client's connection string to specify the SSL parameters.

It's worth noting that SSL can provide strong encryption for data in transit, but it does not protect against other types of attacks, such as SQL injection attacks. Therefore, it's important to take additional measures to protect against these types of attacks, such as implementing input validation and using parameterized queries.

To summarize, to accomplish encryption of the connection between the application and MySQL RDS instance, SSL protocol can be used to secure the data in transit. Therefore, option C is the correct answer.

Prev Question Next Question