Amazon Aurora PostgreSQL introduces dynamic data masking

Posted on: Dec 16, 2025

Amazon Aurora PostgreSQL-Compatible Edition now supports dynamic data masking through the new pg_columnmask extension, allowing you to simplify the protection of sensitive data in your database. pg_columnmask extends Aurora's security capabilities by enabling column-level protection that complements PostgreSQL's native row-level security and column-level grants. Using pg_columnmask, you can control access to sensitive data through SQL-based masking policies, define how data appears to users at query time based on their roles, and comply with data privacy regulations like PCI DSS.

With pg_columnmask, you can create flexible masking policies using built-in or user-defined functions. You can completely hide information, replace partial values with wildcards, or define custom masking approaches. Further, you can apply multiple masking policies to a single column and control their precedence using weights. pg_columnmask protects data in complex queries with WHERE, JOIN, ORDER BY, or GROUP BY clauses. Data is masked at the database level during query processing, leaving stored data unmodified.

pg_columnmask is available for Aurora PostgreSQL version 16.10 and higher, and 17.6 and higher, in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD, at no additional cost beyond standard RDS pricing. To learn more, refer to our technical documentation.