AWS Database Blog

Category: AWS Key Management Service

Bring your own encryption keys to Amazon DynamoDB

Today, Amazon DynamoDB introduced support for customer managed customer master keys (CMKs) to encrypt DynamoDB data. Often referred to as bring your own encryption (BYOE) or bring your own key (BYOK), this functionality lets you create, own, and manage encryption keys in DynamoDB, giving you full control over how you encrypt and manage the security […]

Read More

Performing SQL database client-side encryption for multi-Region high availability

Amazon Relational Database Service (RDS) and Amazon Aurora natively provide encryption at rest to protect the underlying storage of database instances, automated backups, Read Replicas, and snapshots. However, some customers may have greater data protection requirements which require encrypting data in use. For example, encryption is required where tokenization solutions do not fit, such as when […]

Read More

Securing data in Amazon RDS using AWS KMS encryption

Data privacy is essential for organizations in all industries. Encryption services provide one standard method of protecting data from unauthorized access. However, encryption changes data in a way that makes it unreadable without the correct decryption key. Amazon RDS encrypts data by default, using AWS owned keys. However, some customers prefer to encrypt data using […]

Read More

Understanding Amazon DynamoDB encryption by using AWS Key Management Service and analysis of API calls with Amazon Athena

As applications evolve to be more scalable for the web, customers are adopting flexible data structures and database engines for their use cases. Using NoSQL data stores has become increasing popular because of NoSQL’s flexible data model for building modern applications. Amazon DynamoDB is a fast and flexible NoSQL database service that can provide consistent […]

Read More

How to encrypt Amazon Aurora using AWS KMS and your own CMK

When selecting a relational database engine, customers look at many different aspects, including management, performance, reliability, automation, and more recently, the ability to natively encrypt data at rest. Amazon Aurora provides a highly available, optimal, and scalable relational database engine that supports both MySQL and PostgreSQL. Amazon Aurora also supports native encryption of data at […]

Read More

Client-Side Encryption and Decryption of Microsoft SQL Server Backups for Use with Amazon RDS

This blog post walks you through how to securely encrypt a Microsoft SQL Server backup file and restore the encrypted backup to an Amazon RDS for SQL Server instance. You perform this process using Amazon Simple Storage Service (Amazon S3) and AWS Key Management Service (AWS KMS). This post details the encryption and steps required […]

Read More