Posted On: Jun 1, 2022

Amazon Relational Database Service (Amazon RDS) can now publish events to Amazon Simple Notification Service (Amazon SNS) topics that have server-side encryption (SSE) enabled, for additional protection of events that carry sensitive data. Amazon RDS groups events into categories that you can subscribe to so that you can be notified when an event in that category occurs, enabling routing and automation.

When you publish messages to encrypted topics, Amazon SNS immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and an encryption key managed by the Amazon Key Management Service (Amazon KMS). Amazon SNS encrypted topics work with both customer managed keys and Amazon managed keys. The messages are stored in encrypted form, in multiple Availability Zones (Multi-AZs), and decrypted only as they are delivered to subscribing endpoints, such as Amazon Simple Queue Service (Amazon SQS) queues, Amazon Lambda functions, and HTTP/S webhooks.

Amazon RDS events on Amazon SNS encrypted topics are available now in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. For pricing details, visit Amazon KMS pricing and Amazon SNS pricing. To learn more about Amazon RDS events, read the overview of Amazon RDS event notifications with server-side encryption. To route events and create automation based on them, see the Amazon RDS application programming interface (API).