Encryption for Amazon RDS using keys managed in AWS Key Management Service
Amazon RDS now allows you to encrypt your MySQL or PostgreSQL databases using keys you manage through AWS Key Management Service (KMS). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots. Encryption and decryption are handled transparently so you don’t have to modify your application to access your data. When you create a new MySQL or PostgreSQL database instance, you can choose to enable encryption via the AWS Management Console or API. You may use the default RDS key automatically created in your account or use a key you created using KMS to encrypt your data. For more information about the use of AWS Key Management Service with Amazon RDS, see the Amazon RDS User's Guide. To learn more about AWS KMS, visit the AWS KMS overview page.