AWS specifies a few best practices for RDS:
- Run your RDS instances in a VPC for greater network access control
- Use IAM policies to grant users specific permissions to perform actions on databases
- Use a security group to control and manage the traffic to and from the database
- Use SSL for connection encryption
- Use RDS encryption to secure your database instances and snapshots at rest
- For Oracle databases, use Oracle Native Network Encryption and transport data protection
- Use the security features of your DB engine to control who can log in to the databases on a DB instance
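
The VPC, security group, SSL and encryption-at-rest items above can be checked mechanically. The following is an added example, not AWS's own code: it audits instance and snapshot descriptions in the shape boto3's `describe_db_instances` and `describe_db_snapshots` return. The function names and sample data are assumptions made for illustration.

```python
# Added example: sample data below is constructed, not from a real account.
# Dict keys follow the shape boto3's describe_db_instances / describe_db_snapshots return.

# Engine parameter that makes the server reject non-SSL connections.
FORCE_SSL_PARAM = {"postgres": "rds.force_ssl", "mysql": "require_secure_transport"}

def audit_instance(inst, params):
    """Return findings for one DBInstance dict; params is its parameter group as {name: value}."""
    findings = []
    # Practice: run RDS in a VPC.
    if not inst.get("DBSubnetGroup", {}).get("VpcId"):
        findings.append("not in a VPC")
    # Practice: a security group controls traffic to and from the database.
    groups = inst.get("VpcSecurityGroups", [])
    if not any(g.get("Status") == "active" for g in groups):
        findings.append("no active VPC security group")
    # Practice: RDS encryption at rest.
    if not inst.get("StorageEncrypted", False):
        findings.append("storage not encrypted at rest")
    # Practice: SSL for connections, enforced server-side where the engine supports it.
    name = FORCE_SSL_PARAM.get(inst.get("Engine"))
    if name is None:
        findings.append(f"SSL enforcement not checked for engine {inst.get('Engine')}")
    elif str(params.get(name, "0")).upper() not in ("1", "ON"):
        findings.append(f"{name} not enabled, non-SSL connections accepted")
    return findings

def unencrypted_snapshots(snapshots):
    """Return identifiers of snapshots that are not encrypted at rest."""
    return [s["DBSnapshotIdentifier"] for s in snapshots if not s.get("Encrypted", False)]

# Constructed sample input (hypothetical identifiers).
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
     "DBSubnetGroup": {"VpcId": "vpc-0example"},
     "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-0example", "Status": "active"}],
     "StorageEncrypted": True},
    {"DBInstanceIdentifier": "legacy-reports", "Engine": "mysql",
     "VpcSecurityGroups": [], "StorageEncrypted": False},
]
SAMPLE_PARAMS = {"orders-prod": {"rds.force_ssl": "1"},
                 "legacy-reports": {"require_secure_transport": "0"}}
SAMPLE_SNAPSHOTS = [{"DBSnapshotIdentifier": "orders-prod-snap", "Encrypted": True},
                    {"DBSnapshotIdentifier": "legacy-reports-snap", "Encrypted": False}]

if __name__ == "__main__":
    for inst in SAMPLE_INSTANCES:
        ident = inst["DBInstanceIdentifier"]
        print(ident, audit_instance(inst, SAMPLE_PARAMS[ident]) or "OK")
    print("unencrypted snapshots:", unencrypted_snapshots(SAMPLE_SNAPSHOTS))
```

With live data, the parameter values would come from `describe_db_parameters` for each instance's parameter group.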