AWS News Blog

Amazon RDS Update – Data at Rest Encryption using AWS KMS Keys

You can now encrypt your Amazon RDS for SQL Server and Amazon RDS for Oracle databases using keys that you manage through AWS Key Management Service (AWS KMS) (this feature was already available for Amazon RDS for MySQL and Amazon RDS for PostgreSQL).

The encryption applies to data at rest on the underlying storage for the database instance, as well as to automated backups, read replicas, and snapshots. It is applied transparently and you don’t need to make any changes to your application. You can enable encryption and choose your keys (or create new ones) when you create a new database instance:

Amazon RDS encryption can be used concurrently with the Transparent Data Encryption (TDE) option that is already available for Oracle and SQL Server.

To learn more about the use of KMS with RDS, read Encrypting Amazon RDS Resources.


Jeff Barr

Jeff Barr

Jeff Barr is Chief Evangelist for AWS. He started this blog in 2004 and has been writing posts just about non-stop ever since.