Encryption for Amazon RDS using keys managed in AWS KMS

Posted on: Apr 1, 2015

Amazon RDS for SQL Server and Oracle now joins Amazon RDS for MySQL and PostgreSQL databases in allowing you to encrypt your databases using keys you manage through AWS Key Management Service (KMS). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots. Encryption and decryption are handled transparently, so you don’t have to modify your application to access your data.

Amazon RDS encryption works concurrently with Oracle and SQL Server’s Transparent Data Encryption (TDE), and running Amazon RDS encryption will not affect TDE. When you create a new SQL Server or Oracle database instance, you can choose to enable encryption via the AWS Management Console or API. To encrypt your data, you may use the default RDS key automatically created in your account or a key you created using KMS.

For more information about the use of AWS Key Management Service with Amazon RDS, see the Amazon RDS User's Guide. To learn more about AWS KMS, visit the AWS KMS overview page.