Posted On: Jun 1, 2022

Amazon Relational Database Service (Amazon RDS) can now publish events to Amazon Simple Notification Service (Amazon SNS) topics that have server-side encryption (SSE) enabled, for additional protection of events that carry sensitive data. Amazon RDS groups events into categories that you can subscribe to so that you can be notified when an event in that category occurs, enabling routing and automation.

When you publish messages to encrypted topics, Amazon SNS immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and an encryption key managed by the AWS Key Management Service (AWS KMS). Amazon SNS encrypted topics work with both customer managed keys and AWS managed keys. The messages are stored in encrypted form, in multiple Availability Zones (Multi-AZs), and decrypted only as they are delivered to subscribing endpoints, such as Amazon Simple Queue Service (Amazon SQS) queues, AWS Lambda functions, and HTTP/S webhooks.

Amazon RDS events on Amazon SNS encrypted topics are available now in all public AWS Regions where AWS KMS is available except AWS GovCloud (US). For pricing details, visit AWS KMS pricing and Amazon SNS pricing. To learn more about Amazon RDS events, read Monitoring events, logs, and streams in an Amazon RDS DB instance on encrypted SNS topics; to route and create automation based on events, see Amazon RDS application programming interface (API).