Evaluating security approaches for Db2 LUW databases on AWS

Sai Parthasaradhi and Vikas Gupta, Amazon Web Services (AWS)

September 2023 (document history)

When you migrate your critical enterprise workloads from an IBM Db2 on-premises database to the Amazon Web Services (AWS) Cloud, you must have reliable mechanisms for securing your databases on AWS.

When migrating Db2 databases from on premises to the cloud, set up robust controls so that only the right set of users can access the required data. In addition, periodically review and audit all access controls. This guide covers the following aspects of securing IBM Db2 databases on the AWS Cloud:

Authentication, including operating system and Kerberos, with Lightweight Directory Access Protocol (LDAP)
Authorization
Encryption
Auditing
Fine-grained access control, including label-based access control (LBAC) and row and column access control (RCAC)
Auditing
Encryption

This guide will also provide best practices.

Objectives

Use this guide as a reference to achieve the following business outcomes:

Improved data protection – Enhance the security of your Db2 databases, helping to protect sensitive and confidential data from unauthorized access, theft, or manipulation.
Mitigated security risks – Identify and address vulnerabilities within your organization's database systems.
Compliance with regulations – Understand and implement the necessary security measures to comply with relevant data protection regulations.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Authentication