Amazon ElastiCache for Redis adds support for customer managed keys in AWS Key Management Service for encryption at rest

Posted on: Aug 29, 2019

Amazon ElastiCache for Redis now supports encryption at rest using customer managed customer master keys (CMKs) in AWS Key Management Service (KMS). You can now use your own CMKs to encrypt data at rest in ElastiCache for Redis. Customer managed CMKs are CMKs in your AWS account that you create, own and manage. When you enable encryption at rest with CMKs, Amazon ElastiCache for Redis encrypts all data on disk including service backups stored in Amazon S3 with your encryption key.

With AWS KMS integration and support for customer managed CMKs, ElastiCache for Redis now provides you more control and flexibility to meet your security requirements. These new features expand ElastiCache for Redis’ already available encryption controls including service managed encryption at rest and encryption in transit using TLS. To learn more about customer managed CMK support in ElastiCache for Redis, and other encryption options, visit our documentation.

Support for AWS KMS customer managed CMKs in ElastiCache for Redis is generally available in all AWS Regions except Asia Pacific (Osaka) Local, AWS GovCloud and AWS China regions. Additional AWS KMS charges will apply. To learn more about AWS KMS and pricing, see AWS Key Management Service.