Having worked with Oracle Databases for a very long time, this blog post really caught my interest. This is great way to insure Oracle credentials are not in scripts, environment variables, programs or other places where they can be read by the naked eye.
This blog post describes how DB credentials could be stored encrypted in S3. The role (IAM role) on the EC2 instance would be used with its short-term security credentials to let the client pull the DB credentials from S3 as needed.
This blog post describes how DB credentials could be stored encrypted in S3. The role (IAM role) on the EC2 instance would be used with its short-term security credentials to let the client pull the DB credentials from S3 as needed.
http://blogs.aws.amazon.com/security/post/Tx610S2MLVZWEA/Using-IAM-roles-to-distribute-non-AWS-credentials-to-your-EC2-instances
No comments:
Post a Comment