Ensure that Microsoft SQL Server instances provisioned with Amazon RDS have the Transport Encryption feature enabled in order to meet security and compliance requirements. Transport Encryption is the AWS RDS feature that forces all connections to your SQL Server database instances to use SSL. Once enabled, encryption and decryption of data in transit are handled transparently and do not require any additional action from you or your application.
For HIPAA compliance, all connections made to Amazon RDS SQL Server instances that process, store and transmit PHI (Protected Health Information) must use the encryption provided by the RDS Transport Encryption feature, which enables the SQL Server force SSL parameter.
Note: The instructions outlined in this conformity rule can be applied only to Microsoft SQL Server database instances.
To determine if your SQL Server instances have the RDS Transport Encryption feature enabled, perform the following:
To enable the Transport Encryption feature for your Microsoft SQL Server database instances, you need to update the necessary RDS parameter group and change the rds.force_ssl parameter value to 1. To update the RDS parameter group and reboot the required SQL Server instances, perform the following steps:
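As an added example (not part of the original rule), the audit logic can be sketched in Python over data shaped like the output of `aws rds describe-db-instances` and `aws rds describe-db-parameters`. The instance and parameter group names are constructed samples, and the three status labels are this example's own. An instance whose group already has rds.force_ssl set to 1 but still reports pending-reboot is flagged separately, because the change only takes effect after the reboot mentioned above.

```python
# Constructed sample data shaped like `aws rds describe-db-instances` output.
DB_INSTANCES = [
    {"DBInstanceIdentifier": "mssql-phi-1", "Engine": "sqlserver-se",
     "DBParameterGroups": [{"DBParameterGroupName": "mssql-forced-ssl",
                            "ParameterApplyStatus": "in-sync"}]},
    {"DBInstanceIdentifier": "mssql-phi-2", "Engine": "sqlserver-se",
     "DBParameterGroups": [{"DBParameterGroupName": "mssql-forced-ssl",
                            "ParameterApplyStatus": "pending-reboot"}]},
    {"DBInstanceIdentifier": "mssql-legacy", "Engine": "sqlserver-ex",
     "DBParameterGroups": [{"DBParameterGroupName": "default.sqlserver-ex-15.0",
                            "ParameterApplyStatus": "in-sync"}]},
    {"DBInstanceIdentifier": "pg-app", "Engine": "postgres",
     "DBParameterGroups": [{"DBParameterGroupName": "default.postgres15",
                            "ParameterApplyStatus": "in-sync"}]},
]
# Constructed sample: group name -> "Parameters" list from `describe-db-parameters`.
GROUP_PARAMETERS = {
    "mssql-forced-ssl": [{"ParameterName": "rds.force_ssl", "ParameterValue": "1"}],
    "default.sqlserver-ex-15.0": [{"ParameterName": "rds.force_ssl", "ParameterValue": "0"}],
}

def force_ssl_value(parameters):
    """Return the rds.force_ssl value in a parameter list, or None if unset."""
    for p in parameters:
        if p.get("ParameterName") == "rds.force_ssl":
            return p.get("ParameterValue")
    return None

def audit(instances, group_parameters):
    """Map each SQL Server instance id to COMPLIANT, PENDING_REBOOT or NON_COMPLIANT."""
    findings = {}
    for inst in instances:
        if not inst["Engine"].startswith("sqlserver"):
            continue  # the rule applies to SQL Server engines only
        groups = inst.get("DBParameterGroups", [])
        forced = bool(groups) and all(
            force_ssl_value(group_parameters.get(g["DBParameterGroupName"], [])) == "1"
            for g in groups)
        synced = all(g.get("ParameterApplyStatus") == "in-sync" for g in groups)
        if not forced:
            status = "NON_COMPLIANT"
        elif not synced:
            status = "PENDING_REBOOT"  # group says 1, instance not yet rebooted
        else:
            status = "COMPLIANT"
        findings[inst["DBInstanceIdentifier"]] = status
    return findings

if __name__ == "__main__":
    print(audit(DB_INSTANCES, GROUP_PARAMETERS))
```

A parameter group that is missing from the lookup is treated as non-compliant, so an incomplete inventory fails closed rather than passing silently.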