Additional security for geodatabases in PostgreSQL
Access to the ArcGIS for Server instance is controlled by the Amazon security group settings. By default, no outside ports are open, thereby securing your database cluster.
Although the Amazon security group provides the control to block rogue connection requests, you can further secure access to the PostgreSQL database cluster itself. For example, if you open ports in your security group that do allow outside access, you would likely want to increase the security on the database cluster.
To do this, you can alter settings in the pg_hba.conf file found in the PGDATA directory on the instance where PostgreSQL is installed. By default, the pg_hba.conf file is set up to allow any user from any machine to connect to the PostgreSQL database cluster. Alter these settings to designate the IP address or addresses of specific machines that you want to have access to the PostgreSQL database cluster. See PostgreSQL documentation for more information on how to configure the pg_hba.conf file.