Posted On: Jun 1, 2021

Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, now supports customer managed AWS KMS keys for encryption of data at rest to help you meet your compliance and regulatory requirements.

Amazon Keyspaces encrypts data at rest by default by using AWS owned KMS keys. Now, you also have the option to use customer managed KMS keys to encrypt Keyspaces table data to help meet compliance and regulatory requirements and adhere to your organization’s security policies. Keyspaces handles encryption and decryption of data transparently and continues to deliver consistent, single-digit-millisecond response times at any scale. You do not have to modify your code or application to use and update customer managed KMS keys. You can use customer managed KMS keys with a single click in the AWS Management Console or with a simple Cassandra Query Language API call. You can create, use, rotate, and destroy encryption keys by using AWS Key Management Service (AWS KMS), and you can monitor detailed auditing information about key creation, usage, and deletion with AWS CloudTrail.

AWS KMS and CloudTrail charges apply for using customer managed KMS keys. You can use customer managed KMS keys in all AWS Regions where Amazon Keyspaces is offered.

To learn more about encryption at rest and how to manage encrypted tables, see Encryption at Rest in Amazon Keyspaces.