
Security Practices

Aerospike Cloud has two distinct types of access, each limited in scope:

  • Aerospike Cloud account members:

    • Can access management tools through the Cloud Console or public applications
    • Are limited to the Console and APIs inside the Aerospike Cloud organization
    • Have broad powers to administer databases, create API keys for public API access, and manage Aerospike Cloud database users
  • Aerospike Database users:

    • Can access an Aerospike database running in the cloud using database credentials
    • May be granted specific roles that enable access to manipulate the database
    • Cannot create other database users

Best Practices

Aerospike Cloud currently supports only VPC peering connectivity. During preview, the database and its endpoints are available only through a VPC peering connection.

Best practices for Aerospike Cloud account members

  • Limit access to your account to a small number of trusted administrators
  • Consider using multiple accounts to separate concerns in large organizations

Best practices for Aerospike Cloud database users

  • Scope roles to the minimum permission set needed, following the principle of least privilege
  • Choose secure passwords
  • Periodically rotate passwords or users
  • Use VPC peering connections to your database

Connecting to your cluster with VPC peering

VPC peering connections in AWS are managed over a private network with encrypted traffic. With VPC peering, the Aerospike Database cluster and its associated node addresses and metrics endpoints are available only through a controlled connection. You can read about VPC peering connections in AWS’s VPC peering documentation.

Aerospike Cloud supports disabling TLS encryption between VPCs, but this is not a recommended practice. See Configure AWS VPC peering for information about configuring a connection.
