Changing Encryption key from Aws managed to Customer Managed


Hi friends,

My RDS databases are encrypted using Default AWS-managed keys, and everything works as expected. However, I'm confronted with the idea of using Customer managed keys which looks like additional work. I do not think it is needed at this moment, are there any security issues for remaining using default AWS encryption keys ? what strategy will be best for you? our environments, for the moment, do not have a workload that deserves this configuration.

I'm not very sure about rebuilding my entire environment to implement a customer-managed key. Any ideas ?

Best Regards,

asked 2 months ago16 views
1 Answer
Accepted Answer

Please take a look at this AWS Premium Support article -

Although this article talks about S3, but technically it should be no different anywhere else you use KMS for encryption of data at rest.

profile picture
answered 2 months ago
profile picture
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions