RDS Encryption and Monitoring

Learn about RDS encryption and monitoring to secure and track database performance.

Encryption in RDS

All RDS databases support transport layer security (TLS) connections for in-flight encryption of data. To encrypt data at rest, we must specify encryption status using the AWS KMS service when launching the RDS database.

Points to remember:

  • In-flight encryption is supported by default.
  • If the primary database isn’t encrypted, the read replicas of the database can’t be encrypted.
  • Read replicas of an encrypted database are encrypted.
  • To encrypt an unencrypted database, we must take a snapshot of the database and encrypt the database when performing the restore operation.

Get hands-on with 1200+ tech skills courses.