RDS-PostgreSQL supports CTIAM authentication and multiple access controls to ensure the security of your cloud database in all-around manners.
Identity Authentication
• CTIAM
Identity and Access Management (short for CTIAM) is a basic service that provides users with permission management. With CTIAM, you can safely control the access and operation permissions of eSurfing Cloud services and resources, including user identity authentication, permission allocation, access control, and other functions.
You can create an IAM user and set RDS-PostgreSQL instance permissions. Then, you can access the authorized instance resources with a username and password.
Access Control
• Permission Control After purchasing an RDS-PostgreSQL instance, you can use CTIAM to set different access permissions for employees in your enterprise to achieve permission isolation among different employees. CTIAM enables fine permission management.
• VPC and Subnet The Virtual Private Cloud (VPC) builds an isolated and private virtual network environment for RDS-PostgreSQL, thereby improving database security and simplifying user network deployment. You can fully control your proprietary network. With rich functions, VPC helps you flexibly manage the network on the cloud, including creating subnets, setting security groups and network ACLs, managing routing tables, applying for EIPs and bandwidths, etc. Dedicated network resources that are isolated from other networks are provided through subnets to improve network security. For details, see Virtual Private Cloud-User Guide-Creating a Virtual Private Cloud and a Subnet.
• Trustlist Management With this function, you can set an accessible IP address or IP terminal for the instance, thereby controlling the secure access of the database and ensuring the security of its access source. For details, see RDS-PostgreSQL-User Security-Data Security-Trustlist Management.
• Security Group A security group is a logical group that provides the same access policy for database instances that have the same security protection requirements and are mutually trusted in a VPC. You can set up security groups for database instances and enable IP addresses and ports that need to access the database to ensure the security and stability of the operating environment. For details, see RDS-PostgreSQL-Quick Start-Step II: Configuring Security Group Rules.