AWS News Blog

HAQM RDS Update – Data at Rest Encryption using AWS KMS Keys

You can now encrypt your HAQM RDS for SQL Server and HAQM RDS for Oracle databases using keys that you manage through AWS Key Management Service (AWS KMS) (this feature was already available for HAQM RDS for MySQL and HAQM RDS for PostgreSQL).

The encryption applies to data at rest on the underlying storage for the database instance, as well as to automated backups, read replicas, and snapshots. It is applied transparently and you don’t need to make any changes to your application. You can enable encryption and choose your keys (or create new ones) when you create a new database instance:

HAQM RDS encryption can be used concurrently with the Transparent Data Encryption (TDE) option that is already available for Oracle and SQL Server.

To learn more about the use of KMS with RDS, read Encrypting HAQM RDS Resources.

Jeff;

TAGS:
Jeff Barr

Jeff Barr

Jeff Barr is Chief Evangelist for AWS. He started this blog in 2004 and has been writing posts just about non-stop ever since.