Dynamic data masking in Amazon RDS for PostgreSQL, Amazon Aurora PostgreSQL, and Babelfish for Aurora PostgreSQL
Database Blog
The article discusses a dynamic data masking technique for Amazon RDS for PostgreSQL, Aurora PostgreSQL, and Babelfish for Aurora PostgreSQL, which helps protect sensitive data while allowing legitimate access.
- Introduces a PostgreSQL Dynamic Data Masking (PGDDM) package that generates masking views based on user personas
- Provides five main masking patterns: default, partial, email, random for text and numeric data types
- Uses tables to track PII columns, masking patterns, and authorized roles
- Allows generation of masking views that automatically hide sensitive information for unauthorized users
- Supports different masking functions like replacing text with 'X' or randomizing numbers
However, the solution has limitations including read-only nature, potential performance impact, and possible bypass vulnerabilities. The code is available in a GitHub repository for implementation.
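The masking-view approach summarised above, written out in plain PostgreSQL as an added example. It is not the PGDDM package's code, which this page does not show; the schemas, roles, table and mask functions are hypothetical names, and only the partial and email patterns are covered.

```sql
-- Added illustration: all schema, table, role and function names are hypothetical.
CREATE SCHEMA app;
CREATE SCHEMA masked;
CREATE ROLE pii_reader NOLOGIN;  -- persona allowed to read clear text
CREATE ROLE analyst    NOLOGIN;  -- persona that only ever sees masked values

CREATE TABLE app.customer (id int PRIMARY KEY, name text, email text, ssn text);
INSERT INTO app.customer VALUES                       -- constructed sample row
    (1, 'Jane Doe', 'jane.doe@example.com', '123-45-6789');

-- Partial mask: keep the last `keep` characters, replace the rest with 'X'.
CREATE FUNCTION masked.mask_partial(v text, keep int) RETURNS text
LANGUAGE sql IMMUTABLE AS $$
    SELECT CASE WHEN v IS NULL THEN NULL
                WHEN length(v) <= keep THEN repeat('X', length(v))
                ELSE repeat('X', length(v) - keep) || right(v, keep) END
$$;

-- Email mask: keep the first character and the domain; a value with no
-- usable local part is masked completely.
CREATE FUNCTION masked.mask_email(v text) RETURNS text
LANGUAGE sql IMMUTABLE AS $$
    SELECT CASE WHEN v IS NULL THEN NULL
                WHEN position('@' in v) < 2 THEN repeat('X', length(v))
                ELSE left(v, 1) || repeat('X', position('@' in v) - 2)
                     || substring(v from position('@' in v)) END
$$;

-- Masking view: current_user is evaluated as the querying role, while the
-- base table is read with the view owner's privileges.
CREATE VIEW masked.customer AS
SELECT id,
       CASE WHEN pg_has_role(current_user, 'pii_reader', 'MEMBER')
            THEN name  ELSE repeat('X', length(name))   END AS name,
       CASE WHEN pg_has_role(current_user, 'pii_reader', 'MEMBER')
            THEN email ELSE masked.mask_email(email)    END AS email,
       CASE WHEN pg_has_role(current_user, 'pii_reader', 'MEMBER')
            THEN ssn   ELSE masked.mask_partial(ssn, 4) END AS ssn
FROM app.customer;

-- The view is the only granted path; neither persona can read the base table.
REVOKE ALL ON app.customer FROM PUBLIC, analyst, pii_reader;
GRANT USAGE ON SCHEMA masked TO analyst, pii_reader;
GRANT SELECT ON masked.customer TO analyst, pii_reader;

-- Compare the two personas (run as a role that is allowed to SET ROLE to both).
SET ROLE analyst;    SELECT * FROM masked.customer;  RESET ROLE;
SET ROLE pii_reader; SELECT * FROM masked.customer;  RESET ROLE;
```

Any role that holds SELECT on `app.customer` directly, or is a superuser, still sees clear text, so the grants on the base table are what the masking actually rests on.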