Secure clusters

docs/content/stable/yugabyte-cloud/cloud-secure-clusters/_index.md

YugabyteDB Aeon clusters include the following security features:

| Feature | Description |
| :--- | :--- |
| Network authorization | Access to YugabyteDB Aeon clusters is limited to IP addresses that you explicitly allow using IP allow lists. You can further enhance security and lower network latencies by deploying clusters in a virtual private cloud (VPC) network. |
| Database authorization | YugabyteDB uses role-based access control for database authorization. Using the default database admin user that is created when a cluster is deployed, you can add additional roles and users to provide custom access to database resources to other team members and database clients. |
| Encryption in transit | YugabyteDB Aeon uses encryption in transit for client-server and inter-node connectivity. |
| Encryption at rest | Data at rest, including clusters and backups, is AES-256 encrypted using native cloud provider technologies: S3 and EBS volume encryption for AWS, Azure disk encryption, and server-side and persistent disk encryption for GCP. For additional security, you can encrypt your clusters using keys that you manage yourself. |
| Auditing | YugabyteDB Aeon provides detailed auditing of activity on your account, including cluster creation, changes to clusters, changes to IP allow lists, backup activity, billing, access history, and more. |

Security profile

All YugabyteDB Aeon clusters include essential security features, such as encryption at rest, encryption in transit, RBAC, and auditing.

You can also create clusters using the Advanced security profile, which additionally enforces the following security features:

  • The cluster must be deployed in a VPC.
  • Public access can't be enabled; clusters can only be accessed from private addresses inside the VPC network.
  • Scheduled backups are required. (Scheduled backups are turned on by default, but for clusters with the Advanced security profile, they can't be turned off.)

{{<index/block>}}

{{<index/item title="IP allow lists" body="Whitelist IP addresses to control who can connect to your clusters." href="add-connections/" icon="fa-thin fa-address-book">}}

{{<index/item title="Database authorization" body="Role-based access control in YugabyteDB Aeon databases." href="cloud-users/" icon="fa-thin fa-users">}}

{{<index/item title="Add database users" body="Add users to your cluster databases." href="add-users/" icon="fa-thin fa-user-plus">}}

{{<index/item title="Encryption in transit" body="YugabyteDB Aeon clusters use TLS and digital certificates to secure data in transit." href="cloud-authentication/" icon="fa-thin fa-binary-lock">}}

{{<index/item title="Encryption at rest" body="Use your own customer managed key to encrypt your clusters." href="managed-ear/" icon="fa-thin fa-file-lock">}}

{{<index/item title="Audit account activity" body="Audit account activity, including changes to clusters, billing, allow lists, and more." href="cloud-activity/" icon="fa-thin fa-calculator">}}

{{</index/block>}}