Hi Balakrishna,
Please try this solution.
To change the KMS key for cross-region replication of RDS automated backups:
Stop the Current Replication
- You cannot directly change the KMS key for automated backup replication once it's already configured. To change the KMS key, you need to stop the current replication process.
- This involves disabling cross-region replication for the automated backups temporarily.
Reconfigure the Replication with a New KMS Key
- Once the current replication is stopped, you can configure cross-region replication again, this time specifying the new KMS key you want to use.
- Ensure that the KMS key is correctly configured and available in the target region.
Verify Permissions
- Make sure that the necessary permissions are in place for the new KMS key in both the source and target regions.
- This includes ensuring that the KMS key policies allow the RDS service to use the key for encryption and decryption.
Start the Replication
- After configuring the new KMS key and ensuring everything is set up correctly, start the automated backup replication process again.
If you need more information, please go through the AWS Document links.
https://repost.aws/knowledge-center/s3-cross-encrypted-replication
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html
Hello,
Steps to Resolve:
1. Stop Existing Replication:
First, stop the existing automated backup replication that uses the current KMS key.
2. Start New Replication with the Desired KMS Key:
Once the existing replication is stopped, you can configure a new automated backup replication and specify the new KMS key you want to use.
3. Manual Migration (if needed):
If it's critical to retain the data encrypted with the old key, you might need to manually copy the data and re-encrypt it with the new KMS key.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html
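The stop, reconfigure and restart sequence described in the answers above, written against the boto3 RDS client as an added example (not part of either answer and not AWS's own code). The function names, the `DryRunRDS` stand-in and the ARNs are constructed for illustration. It assumes the stop call has taken effect when it returns and that the start response echoes the key ARN it was given.

```python
"""Added example: re-key RDS cross-Region automated backup replication."""


def kms_key_region(key_arn):
    """Return the Region of a KMS key ARN; reject bare key IDs and aliases."""
    parts = key_arn.split(":", 5)
    if (len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms"
            or not parts[5].startswith("key/")):
        raise ValueError(f"not a full KMS key ARN: {key_arn!r}")
    return parts[3]


def rekey_replication(rds_dest, dest_region, source_arn, new_key_arn, retention_days):
    """Stop replication of source_arn, restart it with new_key_arn, verify it.

    rds_dest is an RDS client bound to the destination Region, for example
    boto3.client("rds", region_name=dest_region).
    """
    # Check the key before stopping anything: it must live in the target Region,
    # otherwise replication would be stopped and could not be restarted.
    if kms_key_region(new_key_arn) != dest_region:
        raise ValueError(f"KMS key is not in destination Region {dest_region}")
    rds_dest.stop_db_instance_automated_backups_replication(
        SourceDBInstanceArn=source_arn)
    resp = rds_dest.start_db_instance_automated_backups_replication(
        SourceDBInstanceArn=source_arn,
        BackupRetentionPeriod=retention_days,
        KmsKeyId=new_key_arn)
    backup = resp["DBInstanceAutomatedBackup"]
    # Assumption: the response reports the key ARN that was passed in.
    if backup.get("KmsKeyId") != new_key_arn:
        raise RuntimeError("replication restarted with an unexpected KMS key")
    return backup


class DryRunRDS:
    """Constructed stand-in for the boto3 client: records calls, changes nothing."""

    def __init__(self):
        self.calls = []

    def stop_db_instance_automated_backups_replication(self, **kwargs):
        self.calls.append(("stop", kwargs))
        return {}

    def start_db_instance_automated_backups_replication(self, **kwargs):
        self.calls.append(("start", kwargs))
        return {"DBInstanceAutomatedBackup": {"KmsKeyId": kwargs["KmsKeyId"]}}
```
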