Enable encryption on existing RDS instance
jekobokidou

Publish Date: Feb 27 '23

Did you know that it is not possible to enable encryption for an Amazon RDS database after it is created?

Unencrypted AWS RDS Instances

Encryption is essential for corporate data. You must therefore ensure that encryption is enabled for all your Amazon RDS databases at creation.

Imagine a case where a new unencrypted database joins your organization, following a merger for example. You will have to catch up.

Don't panic! The solution is quite simple even in a situation where your database is large and is heavily used.

Basically, you will have to do the following:

  1. Create a snapshot of your database;
  2. Create an encrypted copy of your snapshot;
  3. Restore your encrypted snapshot in a new database.
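
The three steps above as an AWS CLI script, added here as an example and not taken from the original post. The instance names, snapshot name suffixes and KMS key alias are placeholders, and the script assumes the AWS CLI is installed with credentials and a region already configured.

```sh
#!/bin/sh
# Added example (not from the article): snapshot -> encrypted copy -> restore.
# Instance names and the KMS key alias are placeholders chosen for illustration.
set -eu

# Usage: encrypt_rds_instance SOURCE_INSTANCE NEW_INSTANCE KMS_KEY_ID
encrypt_rds_instance() {
  local src="$1" new="$2" kms="$3" snap enc state
  snap="${src}-plain-snap"
  enc="${src}-encrypted-snap"

  # Guard: only proceed when the source is reported as unencrypted.
  state=$(aws rds describe-db-instances --db-instance-identifier "$src" \
    --query 'DBInstances[0].StorageEncrypted' --output json)
  if [ "$state" != "false" ]; then
    echo "refusing: $src StorageEncrypted=$state" >&2
    return 1
  fi

  # Step 1: snapshot the unencrypted instance and wait for completion.
  aws rds create-db-snapshot --db-instance-identifier "$src" \
    --db-snapshot-identifier "$snap" >/dev/null
  aws rds wait db-snapshot-available --db-snapshot-identifier "$snap"

  # Step 2: copy the snapshot; supplying a KMS key encrypts the copy.
  aws rds copy-db-snapshot --source-db-snapshot-identifier "$snap" \
    --target-db-snapshot-identifier "$enc" --kms-key-id "$kms" >/dev/null
  aws rds wait db-snapshot-available --db-snapshot-identifier "$enc"

  # Check the copy before building an instance from it.
  state=$(aws rds describe-db-snapshots --db-snapshot-identifier "$enc" \
    --query 'DBSnapshots[0].Encrypted' --output json)
  if [ "$state" != "true" ]; then
    echo "copy $enc is not encrypted" >&2
    return 1
  fi

  # Step 3: restore the encrypted copy into a new instance.
  aws rds restore-db-instance-from-db-snapshot \
    --db-instance-identifier "$new" --db-snapshot-identifier "$enc" >/dev/null
  aws rds wait db-instance-available --db-instance-identifier "$new"

  # Final check: the new instance must report encrypted storage.
  state=$(aws rds describe-db-instances --db-instance-identifier "$new" \
    --query 'DBInstances[0].StorageEncrypted' --output json)
  [ "$state" = "true" ]
}

# Runs only when three arguments are given, e.g.:
#   sh encrypt-rds.sh orders-db orders-db-encrypted alias/example-rds-key
if [ "$#" -eq 3 ]; then encrypt_rds_instance "$@"; fi
```

The restored instance comes up under a new identifier and endpoint, so applications have to be repointed to it, and anything written to the source after step 1 is not in the encrypted copy.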

Your Amazon RDS database is now encrypted!

Encrypted Amazon RDS database

For more information, follow this link: Amazon RDS Encryption

Comments 2 total

  • John P. Rouillard, Feb 27, 2023

    If I am reading this correctly, you have an encrypted database with out of date data. How do you bring the encrypted DB up to date with the live heavily used unencrypted database?

    Is there a missing step? Shut down services using the unencrypted database before taking the snapshot?

    • jekobokidou, Mar 11, 2023

      Hello John, sorry for the late reply.
      But you are absolutely right, the strategy described here is the least complex. I am indeed describing the case of a database which accepts a sufficiently long outage time. This strategy would have to be adapted to take into account a database that tolerates a very low cut.
