Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Changing Encryption key from Aws managed to Customer Managed

0

Hi friends,

My RDS databases are encrypted using Default AWS-managed keys, and everything works as expected. However, I'm confronted with the idea of using Customer managed keys which looks like additional work. I do not think it is needed at this moment, are there any security issues for remaining using default AWS encryption keys ? what strategy will be best for you? our environments, for the moment, do not have a workload that deserves this configuration.

I'm not very sure about rebuilding my entire environment to implement a customer-managed key. Any ideas ?

Best Regards,

Topics
AnalyticsMigration & ModernizationDatabase
Tags
EncryptionAmazon RDS on VMWareAmazon Relational Database ServiceDatabase
Language
English
asked 3 years ago1.4K views
2 Answers
1
Accepted Answer

Please take a look at this AWS Premium Support article - https://aws.amazon.com/premiumsupport/knowledge-center/s3-object-encryption-keys/

Although this article talks about S3, but technically it should be no different anywhere else you use KMS for encryption of data at rest.

AWS
EXPERT
answered 3 years ago
EXPERT
reviewed 2 years ago
EXPERT
reviewed 3 years ago
AWS
EXPERT
reviewed 3 years ago
0

I was hoping to see an actual answer to how to migrate from AWS managed key to a customer managed key... oh well :(

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content