Posted On: Jun 1, 2022

Amazon Relational Database Service (Amazon RDS) can now publish events to Amazon Simple Notification Service (Amazon SNS) topics that have server-side encryption (SSE) enabled, for additional protection of events that carry sensitive data. Amazon RDS groups events into categories that you can subscribe to so that you can be notified when an event in that category occurs, enabling routing and automation.

When you publish messages to encrypted topics, Amazon SNS immediately encrypts your messages. The encryption takes place on the server, using a 256-bit AES-GCM algorithm and an encryption key managed by the AWS Key Management Service (AWS KMS). Amazon SNS encrypted topics work with both customer managed keys and AWS managed keys. The messages are stored in encrypted form, in multiple Availability Zones (Multi-AZs), and decrypted only as they are delivered to subscribing endpoints, such as Amazon Simple Queue Service (Amazon SQS) queues, AWS Lambda functions, and HTTP/S webhooks.
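An added example, not part of the AWS announcement: a Python check that a customer managed key's policy lets the RDS events service principal use the key, which a service needs in order to publish to an encrypted topic. The principal `events.rds.amazonaws.com` and the two KMS actions come from AWS documentation rather than this page; the sample policies and account ID are constructed, and `Condition`, `NotAction` and wildcard principals are not evaluated.

```python
import fnmatch

# Assumptions taken from AWS documentation, not from the announcement itself.
RDS_EVENTS_PRINCIPAL = "events.rds.amazonaws.com"
REQUIRED_ACTIONS = ("kms:GenerateDataKey", "kms:Decrypt")

def _as_list(value):
    """IAM policy fields may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def missing_actions(policy, principal=RDS_EVENTS_PRINCIPAL, required=REQUIRED_ACTIONS):
    """Return the required KMS actions the key policy does not grant to the service."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy.get("Statement")):
        princ = stmt.get("Principal")
        services = _as_list(princ.get("Service")) if isinstance(princ, dict) else []
        if principal not in services:
            continue
        # IAM action names are case-insensitive and may contain * and ? wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action"))]
        hits = {a for a in required
                if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)}
        (allowed if stmt.get("Effect") == "Allow" else denied).update(hits)
    # An explicit Deny overrides any Allow for the same action.
    return [a for a in required if a not in allowed or a in denied]

# Constructed sample: a key policy that only delegates to the account's IAM.
KEY_POLICY_DEFAULT = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
}

# Constructed sample: the same policy plus a statement for the RDS events service.
KEY_POLICY_WITH_RDS = {
    "Version": "2012-10-17",
    "Statement": KEY_POLICY_DEFAULT["Statement"] + [{
        "Effect": "Allow",
        "Principal": {"Service": RDS_EVENTS_PRINCIPAL},
        "Action": ["kms:GenerateDataKey*", "kms:Decrypt"],
        "Resource": "*",
    }],
}

if __name__ == "__main__":
    print("default key policy is missing:", missing_actions(KEY_POLICY_DEFAULT))
    print("updated key policy is missing:", missing_actions(KEY_POLICY_WITH_RDS))
```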

Amazon RDS events on Amazon SNS encrypted topics are available now in all public AWS Regions where AWS KMS is available, except AWS GovCloud (US). For pricing details, visit AWS KMS pricing and Amazon SNS pricing. To learn more about Amazon RDS events, read Monitoring events, logs, and streams in an Amazon RDS DB instance on encrypted SNS topics, and to route and create automation based on events, see Amazon RDS application programming interface (API).