Enabling Encryption on Existing EBS volumes or RDS Instances
RDS encryption
RDS encryption can only be set up during initial creation.
If you need to do it after the fact, the correct process is to create a snapshot, encrypt the snapshot, and re-create the RDS database from the encrypted snapshot.
In short, enabling encryption on an existing, in-flight RDS instance will entail downtime.
EBS encryption
The exact same process as above holds for EBS volumes.
1. Select your unencrypted volume.
2. Select ‘Actions’ – ‘Create Snapshot’.
3. When the snapshot is complete, select ‘Snapshots’ under ‘Elastic Block Store’.
4. Select your newly created snapshot.
5. Select ‘Actions’ – ‘Copy’.
6. Check the box for ‘Encryption’.
7. Select the CMK (why should you use a customer managed key).
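The same EBS sequence scripted with boto3, carried through to creating a volume from the encrypted snapshot (the step the RDS section describes for databases). This is an added example, not code from the original post: the function name is hypothetical, the volume ID and key alias are placeholders, and the new volume is assumed to use the default volume type.

```python
def encrypt_volume_via_snapshot(ec2, volume_id, kms_key_id):
    """Return the ID of an encrypted replacement for volume_id (hypothetical helper).

    ec2 is a boto3 EC2 client. The source volume is left untouched; swapping
    the new volume onto the instance is a separate step that needs downtime.
    """
    vol = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"][0]
    if vol["Encrypted"]:
        return volume_id  # already encrypted, nothing to do

    # 1. Snapshot the unencrypted volume and wait until it completes.
    snap_id = ec2.create_snapshot(
        VolumeId=volume_id, Description=f"pre-encryption snapshot of {volume_id}"
    )["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap_id])

    # 2. Copy the snapshot with encryption enabled under the chosen CMK.
    enc_snap_id = ec2.copy_snapshot(
        SourceSnapshotId=snap_id,
        SourceRegion=ec2.meta.region_name,
        Encrypted=True,
        KmsKeyId=kms_key_id,
        Description=f"encrypted copy of {snap_id}",
    )["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[enc_snap_id])

    # 3. Create the replacement volume in the same AZ as the original.
    #    A volume created from an encrypted snapshot is itself encrypted.
    new_vol_id = ec2.create_volume(
        SnapshotId=enc_snap_id, AvailabilityZone=vol["AvailabilityZone"]
    )["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[new_vol_id])

    # 4. Verify the result before the volume is swapped onto an instance.
    check = ec2.describe_volumes(VolumeIds=[new_vol_id])["Volumes"][0]
    if not check["Encrypted"]:
        raise RuntimeError(f"{new_vol_id} is not encrypted")
    return new_vol_id


if __name__ == "__main__":
    import boto3  # requires AWS credentials; both IDs below are placeholders
    print(encrypt_volume_via_snapshot(
        boto3.client("ec2"), "vol-EXAMPLE", "alias/EXAMPLE-CMK"))
```

The unencrypted snapshot from step 1 and the original volume still hold plaintext data, so delete both once the encrypted volume is in service.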