Amazon-rds – Does requiring SSL matter if using AWS RDS and AWS EC2 in a VPC

Tags: amazon-rds, ssl

I have a MySQL RDS DB and am connecting it through an EC2 instance.

My RDS isn't publicly accessible, so I think it can only be connected to through my EC2 instances.

I see at this link https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html that you can set up SSL with your RDS.

Does setting up SSL with your RDS matter if your RDS is protected?

Best Answer

This question -- and its answer -- are primarily regulatory/compliance matters.

If you need to comply with a standard that mandates encryption in transit between systems on the network, then you need SSL on RDS because the AWS network only isolates your VPC's traffic from the machines in all other VPCs -- the traffic is not actually encrypted on the wire as it traverses the cables, routers, and switches within the availability zone or region.

Traffic between systems in a VPC is still traveling unencrypted over the AWS infrastructure within the region, where it is theoretically possible for the traffic to be intercepted by a malicious actor who was able to compromise the AWS infrastructure. Such a compromise is considered highly unlikely, as there are protective controls in place such that it should almost necessarily require physical access and a conspiracy among multiple AWS insiders, but "highly unlikely" isn't the same as "impossible."
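If you do decide to require encryption in transit, the client side is where the intent usually gets lost: a driver given no CA will happily negotiate nothing, or accept any certificate, and the application never notices. The following is an added example, not code from the question or the answer; it assumes the PyMySQL driver and a locally downloaded copy of the RDS CA bundle at a placeholder path. It builds a TLS policy that insists on a verified server certificate and hostname, and after connecting checks what the server itself reports so that a session that somehow came up in plaintext is refused rather than used.

```python
"""Enforce and verify TLS on a MySQL RDS connection (added example).

Assumptions not taken from the page: the PyMySQL driver is installed,
and the RDS CA bundle has been downloaded to the placeholder path below.
"""
import ssl

# Placeholder path: point this at the CA bundle downloaded from AWS.
CA_BUNDLE = "/path/to/rds-ca-bundle.pem"

# Protocol versions we refuse to treat as adequate encryption in transit.
WEAK_TLS_VERSIONS = {"SSLv3", "TLSv1", "TLSv1.1"}


def tls_context(ca_bundle=CA_BUNDLE):
    """Client-side policy: trust only the supplied CA, require a verified
    server certificate, check the endpoint hostname against it, and never
    negotiate below TLS 1.2."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def check_session(status_rows):
    """Decide from the rows of `SHOW SESSION STATUS LIKE 'Ssl%'` whether the
    current session is really encrypted. Returns (ok, detail).
    MySQL reports an empty Ssl_cipher on a plaintext session."""
    status = {name: value for name, value in status_rows}
    cipher = status.get("Ssl_cipher", "")
    version = status.get("Ssl_version", "")
    if not cipher:
        return False, "session is not encrypted (Ssl_cipher is empty)"
    if version in WEAK_TLS_VERSIONS:
        return False, f"weak protocol version {version}"
    return True, f"{version} / {cipher}"


def connect_verified(host, user, password, database, ca_bundle=CA_BUNDLE):
    """Open a connection that can only succeed over verified TLS, then
    refuse to hand it back if the server reports a plaintext session."""
    import pymysql  # assumption: PyMySQL is installed

    conn = pymysql.connect(host=host, user=user, password=password,
                           database=database, ssl=tls_context(ca_bundle))
    with conn.cursor() as cur:
        cur.execute("SHOW SESSION STATUS LIKE 'Ssl%'")
        ok, detail = check_session(cur.fetchall())
    if not ok:
        conn.close()
        raise RuntimeError(f"refusing RDS session: {detail}")
    return conn, detail


# Constructed sample rows, shaped like the output of
# SHOW SESSION STATUS LIKE 'Ssl%' on a TLS session and on a plaintext one.
SAMPLE_TLS_STATUS = (
    ("Ssl_cipher", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("Ssl_version", "TLSv1.2"),
)
SAMPLE_PLAINTEXT_STATUS = (
    ("Ssl_cipher", ""),
    ("Ssl_version", ""),
)

if __name__ == "__main__":
    for label, rows in (("tls", SAMPLE_TLS_STATUS),
                        ("plaintext", SAMPLE_PLAINTEXT_STATUS)):
        print(label, check_session(rows))
```

The post-connect check matters because the client policy only governs what the client asks for; the server's view (`Ssl_cipher`, `Ssl_version`) is what tells you what actually happened on the wire. To make the requirement hold regardless of how clients are configured, enforce it on the RDS side as well, for example with the MySQL `require_secure_transport` parameter in the DB parameter group or `REQUIRE SSL` on the database user.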
