Posted On: Jun 1, 2021

Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, now supports customer managed customer master keys (CMKs) for encryption of data at rest to help you meet your compliance and regulatory requirements.

Amazon Keyspaces encrypts data at rest by default by using CMKs owned by Amazon Web Services. Now, you also have the option to use customer managed CMKs to encrypt Keyspaces table data to meet compliance and regulatory requirements and adhere to your organization’s security policies. Keyspaces handles encryption and decryption of data transparently and continues to deliver consistent, single-digit-millisecond response times at any scale. You do not have to modify your code or application to use and update customer managed CMKs. You can use customer managed CMKs with a single click in the Amazon Web Services Management Console or with a simple Cassandra Query Language API call. You can create, use, rotate, and destroy encryption keys by using Amazon Key Management Service (Amazon KMS), and you can monitor detailed auditing information about key creation, usage, and deletion with Amazon CloudTrail.  

Amazon KMS and CloudTrail charges apply for using customer managed CMKs. You can use customer managed CMKs in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.

To learn more about encryption at rest and how to manage encrypted tables, see Encryption at Rest in Amazon Keyspaces.