One of the requirements for HIPAA compliance is that all communication between application components is encrypted in transit, not just the traffic that reaches the public edge.
The backend application that needed to be HIPAA compliant was composed of:
The communication between the ELB and the API was already done over HTTPS. But the API was talking to the database over a plain, unencrypted PostgreSQL connection, so queries and result sets (including PHI) crossed the VPC in cleartext.
We need to ensure that all application components use encryption for the communication between them. Enabling TLS on the client is only half of it: the database should also refuse unencrypted sessions (for RDS PostgreSQL this is the `rds.force_ssl` parameter in the DB parameter group), otherwise a misconfigured client silently falls back to cleartext.
We can establish an SSL (TLS) connection with each RDS database engine (Amazon Aurora, MySQL, PostgreSQL, etc.). In this guide, we will show the steps to connect over SSL to a PostgreSQL RDS DB from a Node.js application running on EC2.
SSL support is available in all AWS regions for PostgreSQL. Amazon RDS creates an SSL certificate for your PostgreSQL DB instance when the instance is created. That certificate includes the DB instance endpoint as the Common Name (CN), so when the client verifies the certificate against the RDS CA bundle and checks that the CN matches the endpoint it is connecting to, a spoofed or man-in-the-middle server cannot impersonate the instance. Encryption alone (accepting any certificate) does not give that guarantee; the client must both trust only the RDS CA and check the host name.
To configure our Node.js application to communicate using SSL with the RDS DB we followed the next steps:
In case we want to query some data from our database directly, we need to connect to it over SSL too, with the same verification the application does: the RDS CA bundle as the root certificate and an SSL mode that checks the host name (`verify-full`, not just `require`). To do that, we used DBeaver with the following network configuration: