Are you looking for how to change the encryption key used by the Amazon RDS DB instance? We can help you!
We often receive similar queries from our AWS customers as a part of our AWS Support Services.
Today, let’s see the steps followed by our Support Techs to help our customers to update the encryption key used by the RDS DB instance.
Change the encryption key used by the Amazon RDS DB instance
Amazon RDS can encrypt DB instances. Encryption provides additional data protection by securing the data from unauthorized access.
We can’t change the encryption key used by an RDS DB instance. But we can create a copy of the Amazon RDS DB instance, and then select a new encryption key for the copy.
Now, let’s discuss the steps followed by our Support Techs to create a copy of an RDS DB instance with a new encryption key.
Creating a copy of an Amazon RDS DB instance with a new encryption key
1. First, we need to create a manual snapshot of the Amazon RDS DB instance.
Steps to create a manual snapshot:
- Log in to the AWS Management console and then open the Amazon RDS console.
- Then select Databases.
- Select the DB instance that we want to take a snapshot of from the list of DB instances.
- For Actions, select Take snapshot.
- The Take DB snapshot page will appear, where we can enter the snapshot name.
- Then click Take snapshot.
The snapshot will then appear on the Snapshots page. We can see its creation time after its status becomes Available.
2. Open the RDS console and select Snapshots.
3. Then select our snapshot, select Actions, and then select Copy Snapshot. Also, make sure to select Enable encryption.
4. Then, for Master key, select the new encryption key that we want to use.
5. Finally, we need to restore the copied snapshot.
Steps to restore a DB instance from a DB snapshot:
- Log in to the AWS Management Console and open the Amazon RDS console.
- Select Snapshots.
- Now select the DB snapshot that we wish to restore.
- Then, for Actions, select Restore snapshot.
- On the Restore snapshot page, enter the name of the restored DB instance for DB instance identifier.
- Then select Restore DB instance.
Now the new Amazon RDS DB instance uses the new encryption key. We need to make sure that the new database has all the data. Also, we can delete the old Amazon RDS instance if we no longer need it.
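The same snapshot, copy, and restore sequence can be scripted with the AWS CLI. The following is an added example, not part of the original steps: the function name `rds_rekey` and the snapshot name suffixes are hypothetical, and it assumes the AWS CLI is configured with credentials that can use both RDS and the new KMS key. It also goes one step further than the console procedure by checking that the restored instance actually reports the intended key.

```shell
# rds_rekey <source-instance> <new-instance> <kms-key-id-alias-or-arn>
# Hypothetical helper (added example): mirrors the console steps above.
rds_rekey() {
  local src="$1" new="$2" key="$3"
  local snap="${src}-rekey-src"     # constructed snapshot names (assumption)
  local copy="${src}-rekey-copy"
  local want got

  # Resolve the key to its ARN first, so a wrong or inaccessible key fails
  # before any snapshot is taken and the final comparison is ARN to ARN.
  want=$(aws kms describe-key --key-id "$key" \
           --query 'KeyMetadata.Arn' --output text) || return 1

  # Step 1: manual snapshot of the source instance.
  aws rds create-db-snapshot --db-instance-identifier "$src" \
      --db-snapshot-identifier "$snap" >/dev/null || return 1
  aws rds wait db-snapshot-available --db-snapshot-identifier "$snap" || return 1

  # Steps 2-4: copy the snapshot, encrypting the copy with the new key.
  aws rds copy-db-snapshot --source-db-snapshot-identifier "$snap" \
      --target-db-snapshot-identifier "$copy" \
      --kms-key-id "$want" >/dev/null || return 1
  aws rds wait db-snapshot-available --db-snapshot-identifier "$copy" || return 1

  # Step 5: restore the re-encrypted copy as a new DB instance.
  aws rds restore-db-instance-from-db-snapshot --db-instance-identifier "$new" \
      --db-snapshot-identifier "$copy" >/dev/null || return 1
  aws rds wait db-instance-available --db-instance-identifier "$new" || return 1

  # Check: an unencrypted or wrongly keyed instance must not pass silently.
  got=$(aws rds describe-db-instances --db-instance-identifier "$new" \
          --query 'DBInstances[0].KmsKeyId' --output text) || return 1
  if [ "$got" != "$want" ]; then
    echo "key mismatch on $new: got '$got', want '$want'" >&2
    return 1
  fi
  echo "$new is encrypted with $want"
}
```

After sourcing the file, a call looks like `rds_rekey mydb mydb-rekeyed alias/my-new-key`, where all three values are placeholders. Keep the old instance until the function succeeds and the data in the new instance has been checked.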
To conclude, today we discussed the steps followed by our Support Engineers to help our customers to change the encryption key used by the RDS DB instance.