Posted On: Jun 1, 2021

Amazon Keyspaces (for Apache Cassandra), a scalable, highly available, and fully managed Cassandra-compatible database service, now supports customer managed customer master keys (CMKs) for encryption of data at rest to help you meet your compliance and regulatory requirements.

Amazon Keyspaces encrypts data at rest by default by using AWS owned CMKs. Now, you also have the option to use customer managed CMKs to encrypt Keyspaces table data to help meet compliance and regulatory requirements and adhere to your organization’s security policies. Keyspaces handles encryption and decryption of data transparently and continues to deliver consistent, single-digit-millisecond response times at any scale. You do not have to modify your code or application to use and update customer managed CMKs. You can use customer managed CMKs with a single click in the AWS Management Console or with a simple Cassandra Query Language API call. You can create, use, rotate, and destroy encryption keys by using AWS Key Management Service (AWS KMS), and you can monitor detailed auditing information about key creation, usage, and deletion with AWS CloudTrail. 

AWS KMS and CloudTrail charges apply for using customer managed CMKs. You can use customer managed CMKs in all AWS Regions where Amazon Keyspaces is offered.

To learn more about encryption at rest and how to manage encrypted tables, see Encryption at Rest in Amazon Keyspaces.