Our Blog

Amazon Aurora PostgreSQL introduces dynamic data masking

Published
November 24, 2025
https://aws.amazon.com/about-aws/whats-new/2025/11/amazon-aurora-postgresql-dynamic-data-masking

Amazon Aurora PostgreSQL-Compatible Edition

Now supports dynamic data masking through the new pg_columnmask extension, simplifying the protection of sensitive data in your database. This extension enables column-level protection that complements PostgreSQL's native row-level security and column level grants. You can control access to sensitive data through SQL-based masking policies and define how data appears to users at query time based on their roles, helping you comply with data privacy regulations like GDPR, HIPAA, and PCI DSS.

With pg_columnmask, you can create flexible masking policies using built-in or user-defined functions. You can completely hide information, replace partial values with wildcards, or define custom masking approaches. Further, you can apply multiple masking policies to a single column and control their precedence using weights. pg_columnmask helps protect data in complex queries with WHERE, JOIN, ORDER BY, or GROUP BY clauses. Data is masked at the database level during query processing, leaving stored data unmodified.

pg_columnmask is available for Aurora PostgreSQL version 16.10 and higher, and 17.6 and higher in all AWS Regions where Aurora PostgreSQL is available.

What to do

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2025/11/cloudfront-anycast-ipv6-support/

Amazon Cloudfront adds IPv6 support for Anycast Static IPs

Amazon CloudFront now supports both IPv4 and IPv6 addresses for Anycast Static IP configurations
Read more
https://aws.amazon.com/about-aws/whats-new/2025/12/api-gateway-mcp-proxy-support/

Amazon API Gateway adds MCP proxy support

Amazon API Gateway now supports Model Context Protocol (MCP) proxy, allowing you to transform your existing REST APIs into MCP-compatible endpoints
Read more
https://aws.amazon.com/about-aws/whats-new/2025/10/open-source-mcp-server-amazon-bedrock-agentcore

Open Source Model Context Protocol (MCP) Server now available for Amazon Bedrock AgentCore

This new standardized interface allows developers to analyze, transform, and deploy production-ready AI agents directly in their preferred development environment
Read more
View all