Secure clusters

Secure clusters in YugabyteDB Aeon

Configure the security features of your YugabyteDB Aeon clusters

YugabyteDB Aeon clusters include the following security features:

Feature Description
Network authorization Access to YugabyteDB Aeon clusters is limited to IP addresses that you explicitly allow using IP allow lists.
You can further enhance security and lower network latencies by deploying clusters in a virtual private cloud (VPC) network.
Database authorization YugabyteDB uses role-based access control for database authorization. Using the default database admin user that is created when a cluster is deployed, you can add additional roles and users to provide custom access to database resources to other team members and database clients.
Encryption in transit YugabyteDB Aeon uses encryption in transit for client-server and intra-node connectivity.
Encryption at rest Data at rest, including clusters and backups, is AES-256 encrypted using native cloud provider technologies: S3 and EBS volume encryption for AWS, Azure disk encryption, and server-side and persistent disk encryption for GCP. For additional security, you can encrypt your clusters using keys that you manage yourself.
Auditing YugabyteDB Aeon provides detailed auditing of activity on your account, including cluster creation, changes to clusters, changes to IP allow lists, backup activity, billing, access history, and more.

Security profile

YugabyteDB Aeon clusters all feature essential security features, such as encryption at rest, encryption in transit, RBAC, and auditing.

You can also create clusters using the Advanced security profile, which additionally enforces the following security features:

  • The cluster must be deployed in a VPC.
  • Public access can't be enabled; clusters can only be accessed from private addresses inside the VPC network.
  • Scheduled backups are required. (Scheduled backups are turned on by default, but for clusters with the Advanced security profile, they can't be turned off.)