WKLD.09 Encrypt Amazon RDS databases - AWS Prescriptive Guidance

Enable encryption for Amazon Relational Database Service (Amazon RDS) databases to protect data at rest. Amazon RDS encrypts data at the underlying volume level and delivers the same IOPS performance as unencrypted volumes with a minimal effect on latency. For more information, see Overview of encrypting Amazon RDS resources in the Amazon RDS documentation.

To encrypt a new Amazon RDS database instance, see Encrypt a database instance in the Amazon RDS documentation.

Note

Encryption must be enabled when creating the database. You cannot enable encryption on an existing unencrypted Amazon RDS database instance. If you need to encrypt an existing unencrypted database, you must create a new encrypted database and migrate your data. For more information, see Copying a DB snapshot for Amazon RDS in the Amazon RDS documentation.

Note

Encrypting Amazon RDS databases with an AWS managed AWS KMS key is available at no additional charge. Customer-managed keys incur a monthly charge per key and a charge per API call. For more information, see AWS Key Management Service pricing.
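The following audit sketch is an added example, not code from AWS Prescriptive Guidance. It reads output in the shape returned by aws rds describe-db-instances, lists instances whose StorageEncrypted flag is false, and builds the snapshot, encrypted copy, and restore commands for the migration path that the first note describes. The sample response, the snapshot and instance name suffixes, and the default of the AWS managed key alias alias/aws/rds are assumptions made for illustration.

```python
import json
import shlex

# Constructed sample in the shape of `aws rds describe-db-instances` output.
SAMPLE_RESPONSE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "Engine": "postgres",
   "StorageEncrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
  {"DBInstanceIdentifier": "legacy-db", "Engine": "mysql",
   "StorageEncrypted": false}
]}
""")


def unencrypted_instances(response):
    """Return identifiers of DB instances whose storage is not encrypted."""
    return [db["DBInstanceIdentifier"]
            for db in response.get("DBInstances", [])
            if not db.get("StorageEncrypted", False)]


def migration_plan(instance_id, kms_key_id="alias/aws/rds"):
    """Build the ordered AWS CLI commands to move one instance to encrypted storage.

    The name suffixes are hypothetical. Pass a customer managed key ID or ARN
    as kms_key_id to use that key instead of the AWS managed key for RDS.
    """
    plain = f"{instance_id}-plain-snap"
    enc = f"{instance_id}-enc-snap"
    steps = [
        ["aws", "rds", "create-db-snapshot", "--db-instance-identifier", instance_id,
         "--db-snapshot-identifier", plain],
        ["aws", "rds", "wait", "db-snapshot-available", "--db-snapshot-identifier", plain],
        # Copying with --kms-key-id is the step that produces an encrypted snapshot.
        ["aws", "rds", "copy-db-snapshot", "--source-db-snapshot-identifier", plain,
         "--target-db-snapshot-identifier", enc, "--kms-key-id", kms_key_id],
        ["aws", "rds", "wait", "db-snapshot-available", "--db-snapshot-identifier", enc],
        ["aws", "rds", "restore-db-instance-from-db-snapshot",
         "--db-instance-identifier", f"{instance_id}-encrypted",
         "--db-snapshot-identifier", enc],
    ]
    return [shlex.join(step) for step in steps]


if __name__ == "__main__":
    for name in unencrypted_instances(SAMPLE_RESPONSE):
        print(f"# {name}: storage is not encrypted")
        print("\n".join(migration_plan(name)))
```

The script only prints the commands. Writes made to the source instance after the first snapshot is taken are not in the restored copy, so schedule the cutover accordingly.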