Posted On: Jul 18, 2019

Amazon RDS now allows you to encrypt your RDS databases using keys you manage through AWS Key Management Service (KMS).

This feature supports all RDS engines (MySQL, PostgreSQL, MariaDB, SQL Server and Oracle) and Amazon Aurora (both PostgreSQL- and MySQL- compatible versions). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots.

Encryption and decryption are handled transparently so you don’t have to modify your application to access your data. When you create a new database instance, you can choose to enable encryption via the AWS Management Console or API.

You can use the default RDS key automatically created in your account or use a key you created using KMS to encrypt your data. For more information about using  AWS Key Management Service (KMS) with Amazon RDS, see the Amazon RDS User's Guide.

To learn more about AWS KMS, visit the AWS KMS overview page.