Did you know that it is not possible to enable encryption for an Amazon RDS database after it has been created?
Encryption is essential for corporate data. You must therefore ensure that encryption is enabled for all your Amazon RDS databases at creation.
Imagine the case where a new unencrypted database joins your organization following a merger, for example. You will have to catch up.
Don't panic! The solution is quite simple, even in a situation where your database is large and heavily used.
Basically, you will have to do the following:
- Create a snapshot of your database;
- Create an encrypted copy of your snapshot;
- Restore your encrypted snapshot in a new database.
Your Amazon RDS database is now encrypted!
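The three steps above as a script, added here as an example and not taken from the original post. It assumes a boto3 RDS client is passed in; the instance names and the KMS key alias in the `__main__` block are placeholders.

```python
"""Snapshot -> encrypted copy -> restore, for an unencrypted RDS instance."""
import time


def encrypt_rds_instance(rds, source_id, target_id, kms_key_id):
    """Run the three steps with a boto3 RDS client; return the new instance id.

    Returns source_id unchanged when the source is already encrypted.
    """
    src = rds.describe_db_instances(DBInstanceIdentifier=source_id)["DBInstances"][0]
    if src["StorageEncrypted"]:
        return source_id  # nothing to do

    stamp = time.strftime("%Y%m%d%H%M%S")
    plain_snap = f"{source_id}-plain-{stamp}"
    enc_snap = f"{source_id}-enc-{stamp}"
    snap_waiter = rds.get_waiter("db_snapshot_available")

    # Step 1: snapshot the unencrypted database.
    rds.create_db_snapshot(DBInstanceIdentifier=source_id,
                           DBSnapshotIdentifier=plain_snap)
    snap_waiter.wait(DBSnapshotIdentifier=plain_snap)

    # Step 2: copy the snapshot; passing a KMS key makes the copy encrypted.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=plain_snap,
                         TargetDBSnapshotIdentifier=enc_snap,
                         KmsKeyId=kms_key_id)
    snap_waiter.wait(DBSnapshotIdentifier=enc_snap)

    # Step 3: restore the encrypted snapshot into a new instance.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=target_id,
                                             DBSnapshotIdentifier=enc_snap)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=target_id)

    # Check the result instead of assuming it.
    new = rds.describe_db_instances(DBInstanceIdentifier=target_id)["DBInstances"][0]
    if not new["StorageEncrypted"]:
        raise RuntimeError(f"{target_id} was restored without encryption")
    return target_id


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a region in the environment

    # Placeholder identifiers; replace with your own.
    print(encrypt_rds_instance(boto3.client("rds"), "legacy-db",
                               "legacy-db-encrypted", "alias/aws/rds"))
```

The restored instance only contains data up to the snapshot taken in step 1, and applications still have to be pointed at the new instance afterwards.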
For more, follow this link: Amazon RDS Encryption
Top comments (2)
If I am reading this correctly, you have an encrypted database with out of date data. How do you bring the encrypted DB up to date with the live heavily used unencrypted database?
Is there a missing step? Shut down services using the unencrypted database before taking the snapshot?
Hello John, sorry for the late reply.
But you are absolutely right, the strategy described here is the least complex. I am indeed describing the case of a database which accepts a sufficiently long outage time. This strategy would have to be adapted to take into account a database that tolerates a very low cut.