Posted On: Jul 18, 2019

Amazon RDS now allows you to encrypt your RDS databases using keys you manage through Amazon Key Management Service (KMS).

This feature supports all RDS engines (MySQL, PostgreSQL, MariaDB, SQL Server and Oracle) and Amazon Aurora (both PostgreSQL- and MySQL-compatible versions). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots.

Encryption and decryption are handled transparently so you don’t have to modify your application to access your data. When you create a new database instance, you can choose to enable encryption via the Amazon Web Services Management Console or API.

You can use the default RDS key automatically created in your account or use a key you created using KMS to encrypt your data. For more information about using Amazon Key Management Service (KMS) with Amazon RDS, see the Amazon RDS User's Guide.
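The following audit sketch is an added example, not part of the original announcement. It reports, for each instance, whether storage encryption is on and whether the key is the default RDS key or one you created. It assumes the field names of the RDS `describe-db-instances` and KMS `describe-key` responses; the instance names, key ARNs and status labels are constructed for illustration.

```python
import json

# Constructed sample, shaped like `aws rds describe-db-instances` output.
SAMPLE_INSTANCES = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres", "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000001"},
  {"DBInstanceIdentifier": "reports-db", "Engine": "mysql", "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000002"},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mariadb", "StorageEncrypted": false},
  {"DBInstanceIdentifier": "shared-db", "Engine": "oracle-se2", "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:444455556666:key/00000000-0000-0000-0000-000000000003"}
]}
""")

# Constructed sample: key ARN -> KeyMetadata.KeyManager from `aws kms describe-key`.
# "AWS" marks the default RDS key created in the account; "CUSTOMER" a key you created.
SAMPLE_KEY_MANAGERS = {
    "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000001": "CUSTOMER",
    "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000002": "AWS",
}

def classify(instance, key_managers):
    """Return an encryption status label (labels are this example's own)."""
    if not instance.get("StorageEncrypted", False):
        return "UNENCRYPTED"
    manager = key_managers.get(instance.get("KmsKeyId"))
    if manager == "CUSTOMER":
        return "CUSTOMER_MANAGED_KEY"
    if manager == "AWS":
        return "DEFAULT_RDS_KEY"
    # Encrypted, but the key could not be described (for example, another account's key).
    return "UNKNOWN_KEY"

def audit(describe_output, key_managers):
    """Map each DB instance identifier to its encryption status."""
    return {i["DBInstanceIdentifier"]: classify(i, key_managers)
            for i in describe_output["DBInstances"]}

def needs_attention(results):
    """Instances that are unencrypted or whose key ownership is unverified."""
    return sorted(n for n, s in results.items() if s in ("UNENCRYPTED", "UNKNOWN_KEY"))

if __name__ == "__main__":
    results = audit(SAMPLE_INSTANCES, SAMPLE_KEY_MANAGERS)
    for name, status in results.items():
        print(f"{name}: {status}")
    print("review:", needs_attention(results))
```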

To learn more about Amazon KMS, visit the Amazon KMS overview page.