Amazon RDS for Oracle as the target - AWS Prescriptive Guidance
Securing data at rest and data in transit in Amazon RDS

Amazon RDS for Oracle as the target

If your target database is an Amazon RDS for Oracle instance, make sure that it has sufficient access to read and write the files to and from Amazon S3. For more information about Amazon S3 integration with Amazon RDS for Oracle instances, see the AWS documentation.

To copy the Oracle Database dump files to Amazon RDS for Oracle, connect to the RDS for Oracle instance through a client tool such as SQL Developer and run the following code.

SELECT rdsadmin.rdsadmin_s3_tasks.download_from_s3(
      p_bucket_name    =>  's3bucketname', -- provide the S3 bucket name where the dump files are located
      p_directory_name =>  'DATA_PUMP_DIR') 
   AS TASK_ID FROM DUAL;

In a separate query window, check the progress and files in the DATA_PUMP_DIR in the Amazon RDS for Oracle instance by running the following code.

SELECT SID, SERIAL#, CONTEXT, SOFAR, TOTALWORK,opname,
       ROUND(SOFAR/TOTALWORK*100,2) "%_COMPLETE",units
FROM   V$SESSION_LONGOPS
where  OPNAME NOT LIKE '%aggregate%'
AND    TOTALWORK != 0 
AND    SOFAR <> TOTALWORK; 
select * from table(RDSADMIN.RDS_FILE_UTIL.LISTDIR('DATA_PUMP_DIR')) order by filename;

Securing data at rest and data in transit in Amazon RDS

Amazon RDS follows the AWS shared responsibility model for data protection. According to this model, AWSS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. This content includes the security configuration and management tasks for the AWS services that you use. For more information about data privacy, see the Data Privacy FAQ.

We recommend that you secure your data in the following ways:

  • Encrypt Amazon RDS resources with AWS Key Management Service (AWS KMS). Amazon RDS encrypted DB instances provide an additional layer of data protection by securing your data from unauthorized access to the underlying storage. You can use Amazon RDS encryption to increase data protection of your applications deployed in the cloud, and to fulfill compliance requirements for encryption at rest. For information about how to encrypt your Amazon RDS instances, see the AWS documentation.

  • Encrypt connections to the databases. You can use SSL/TLS to encrypt a connection to a DB instance. For more information about encrypting connections to Amazon RDS for Oracle instances, see the AWS documentation.