Encrypt your previously unencrypted Amazon Redshift cluster with 1-click

Posted on: Oct 16, 2018

You can now easily encrypt a previously unencrypted Amazon Redshift cluster with an AWS Key Management Service (AWS KMS) encryption key. 

When you enable KMS encryption, Amazon Redshift automatically migrates your data to a new, encrypted cluster. The data blocks and system metadata are encrypted on the new cluster, as well as on subsequent snapshots. With encryption, you can protect your sensitive data at rest and be GDPR ready.

You can use one-click encryption only when migrating to a KMS-encrypted cluster. To convert to a cluster using a hardware security module (HSM), you can create a new encrypted cluster and move your data to it.

You can modify your cluster's encryption using the AWS Management Console or the AWS CLI. During the migration process, the cluster is available in read-only mode and the cluster status appears as 'resizing'. To learn more, see Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide.
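
The Python below is an added example, not part of the original announcement and not AWS's own code. It takes a response in the shape returned by boto3's Redshift `describe_clusters`, selects clusters that are unencrypted and not already showing a status such as 'resizing', and builds the `modify_cluster` arguments that enable KMS encryption. The sample response, cluster names and key ARN are constructed, and `plan_encryption` and `apply_plan` are hypothetical helper names.

```python
# Constructed sample, shaped like boto3's redshift describe_clusters() response.
SAMPLE_RESPONSE = {"Clusters": [
    {"ClusterIdentifier": "analytics-prod", "ClusterStatus": "available",
     "Encrypted": False},
    {"ClusterIdentifier": "reporting", "ClusterStatus": "resizing",
     "Encrypted": False},
    {"ClusterIdentifier": "finance", "ClusterStatus": "available",
     "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
]}


def plan_encryption(response, kms_key_id=None):
    """Return (plan, skipped) for the clusters in a describe_clusters response."""
    plan, skipped = [], {}
    for cluster in response.get("Clusters", []):
        cid = cluster["ClusterIdentifier"]
        if cluster.get("Encrypted"):
            skipped[cid] = "already encrypted"
        elif cluster.get("ClusterStatus") != "available":
            # 'resizing' can mean a migration is already running: leave it alone.
            skipped[cid] = "status is " + str(cluster.get("ClusterStatus"))
        else:
            kwargs = {"ClusterIdentifier": cid, "Encrypted": True}
            if kms_key_id:  # KmsKeyId is an optional modify_cluster argument
                kwargs["KmsKeyId"] = kms_key_id
            plan.append(kwargs)
    return plan, skipped


def apply_plan(client, plan, dry_run=True):
    """Call modify_cluster for each planned cluster; return the ids handled."""
    for kwargs in plan:
        if not dry_run:
            client.modify_cluster(**kwargs)
    return [kwargs["ClusterIdentifier"] for kwargs in plan]


if __name__ == "__main__":
    plan, skipped = plan_encryption(SAMPLE_RESPONSE)
    print("would encrypt:", apply_plan(None, plan, dry_run=True))
    print("skipped:", skipped)
    # Against a real account (assumes boto3 and credentials are configured):
    #   import boto3
    #   client = boto3.client("redshift")
    #   plan, _ = plan_encryption(client.describe_clusters(), kms_key_id="<key ARN>")
    #   apply_plan(client, plan, dry_run=False)
```

Because the cluster is read-only while it migrates, run the non-dry-run step in a window where writes can pause.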

Modifying cluster encryption is now available in all AWS commercial regions. Refer to the AWS Region Table for Amazon Redshift availability.