Access Requirements for Connecting an Application to a Database in AWS

By John Paul Mueller

When working with AWS cloud data, accessing the data requires an endpoint, just as it does for your local network or drive. Nothing really changes from a procedural perspective, except that you must now provide a different endpoint than normal.

From a developer perspective, the endpoint that RDS provides for a database instance is nothing more than a URL, which means that you can use the same techniques that you use for any online data. This consideration also applies to any administrator tools used for private data. Administrators must consider the following issues as part of the application migration:

  • Verify that a connection works before attempting to use it to perform tasks on the data.
  • Assume that the connection will go down at some point, so make sure to verify that the connection is still present before each task.
  • Assume that someone will hack your data, no matter what security precautions you take, because the data is now available in a public venue (so have a recovery plan in place).
  • Ensure that security measures work as anticipated so that every user group can access the data within the boundaries set by company policy.
  • Define security policies for working with data in a public venue that address social hacking issues.
  • Consider legal and privacy requirements before moving the data.
  • Develop a plan for dealing with sensitive data that inadvertently makes it to your hosted database rather than staying on the local network or on a specific machine.

These precautions are in addition to the precautions you normally take when connecting an application to a database. The actual coding that you use may not change much (except for the addition of checks to address online access requirements), but the focus of how the application makes connections and performs required tasks does need to change. Otherwise, your organization might make front-page news after getting hacked and losing a lot of data to someone in another country.
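The first two checks in the list above (verify the connection before using it, and verify it again before each task) can be sketched as follows. This is an added example, not code from the original article: the GuardedConnection class and demo function are hypothetical names, and a local sqlite3 file stands in for the RDS endpoint so the code runs offline. In a real application the factory would call your database driver with the endpoint URL.

```python
import os, sqlite3, tempfile, time

class GuardedConnection:
    """Checks that the connection is alive before every task; reconnects if not."""
    def __init__(self, connect, retries=3, delay=0.5):
        self._connect = connect  # zero-argument factory returning a DB-API connection
        self._retries, self._delay = retries, delay
        self._conn, self.connects = None, 0

    def _alive(self):
        if self._conn is None:
            return False
        try:
            cur = self._conn.cursor()
            cur.execute("SELECT 1")  # cheap round trip to the server
            return cur.fetchone() is not None
        except Exception:
            return False  # any driver error means the link is unusable

    def _ensure(self):
        if self._alive():
            return
        last = None
        for attempt in range(self._retries):
            try:
                self._conn = self._connect()
                if self._alive():  # verify the new connection before using it
                    self.connects += 1
                    return
            except Exception as exc:
                last = exc
            time.sleep(self._delay * attempt)  # back off a little more each try
        raise ConnectionError("database endpoint unreachable") from last

    def run(self, sql, params=()):
        self._ensure()  # liveness check before each task
        cur = self._conn.cursor()
        cur.execute(sql, params)  # values are bound, never formatted into the SQL
        rows = cur.fetchall()
        self._conn.commit()
        return rows

def demo():
    # Constructed stand-in database; not a real RDS endpoint.
    path = os.path.join(tempfile.mkdtemp(), "standin.db")
    db = GuardedConnection(lambda: sqlite3.connect(path), delay=0)
    db.run("CREATE TABLE t (v TEXT)")
    db.run("INSERT INTO t VALUES (?)", ("a",))
    db._conn.close()  # simulate the connection going down between tasks
    return db.run("SELECT v FROM t"), db.connects
```

When the endpoint stays unreachable after the configured retries, run raises ConnectionError, so the caller can fail the task cleanly instead of operating on a dead connection.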