Enable RDS Encryption with minimal downtime after creation
I have 2 RDS instances (one mysql and one postgres) and I need to enable encryption after they were already created. The DBs are large, and I am concerned about potential downtime required to create a snapshot, restore the DB, and then complete the warming process.
I estimate it would take ~5 hours to create the snapshot (Postgres ~1.1TB) and ~24 hours for the mysql (~4.5 TB). Then there is time to restore from snapshot and warm the DBs, and then they'd need to (I'm assuming) catch up transactions that may be happening during that gap of time.
I'm thinking I would need to make sure they have a multi-AZ DB. Then create a snapshot for the DBs, encrypt the snapshot and restore to a new RDS instance. Then, could I use AWS DMS to do ongoing replication for the DB to catch up the transactions and then flip over to the new DB when there is an available small window for downtime?
Is there a better approach or recommendation?
If you don't want to go the route of taking a snapshot, encrypting it and then restoring it, the only option left is to do replication to an encrypted RDS, either using DMS or by setting up binlog replication (in case of MySQL) or WAL replication (using pglogical) in case of PostgreSQL. You could set up a new set of instances that are encrypted, and then use logical database replication to copy the data over, and then cut over to the new instances once replication lag is 0. DMS isn't really needed if you are transferring data from MySQL to MySQL or PostgreSQL to PostgreSQL.
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Replication.MySQL.html
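Added example, not part of the original answer: a pre-cutover gate in Python for the replication approach described above, which refuses the switch unless the new instance is encrypted and replication lag is zero. The dictionaries stand in for one entry of `aws rds describe-db-instances` output, a `SHOW REPLICA STATUS` row and a `pg_replication_slots` row; all sample values, the function names and the `max_bytes` tolerance are assumptions.

```python
def parse_lsn(lsn):  # PostgreSQL LSN 'hi/lo' (hex words) -> absolute WAL byte position
    hi, lo = lsn.split("/")
    return (int(hi, 16) << 32) | int(lo, 16)

def target_problems(inst):
    """inst: one DBInstances[] entry from `aws rds describe-db-instances`."""
    out = []
    if inst.get("StorageEncrypted") is not True:
        out.append("target storage is not encrypted")
    elif not inst.get("KmsKeyId"):
        out.append("encrypted target reports no KMS key")
    if inst.get("DBInstanceStatus") != "available":
        out.append("target is not in 'available' state")
    return out

def mysql_problems(st):
    """st: one row of SHOW REPLICA STATUS (or SHOW SLAVE STATUS) as a dict."""
    get = lambda new, old: st.get(new, st.get(old))  # accept both field namings
    out = []
    if get("Replica_IO_Running", "Slave_IO_Running") != "Yes" or \
       get("Replica_SQL_Running", "Slave_SQL_Running") != "Yes":
        out.append("replication threads are not both running")
    lag = get("Seconds_Behind_Source", "Seconds_Behind_Master")
    if lag is None:                      # NULL means unknown, not zero
        out.append("replication lag is NULL (unknown)")
    elif int(lag) != 0:
        out.append("replica is %ss behind" % lag)
    return out

def postgres_problems(current_wal_lsn, slot, max_bytes=0):
    """slot: the pglogical slot's pg_replication_slots row on the source;
    current_wal_lsn: pg_current_wal_lsn() there. max_bytes: assumed tolerance."""
    out = []
    if not slot.get("active"):
        out.append("replication slot is not active")
    behind = parse_lsn(current_wal_lsn) - parse_lsn(slot["confirmed_flush_lsn"])
    if behind > max_bytes:
        out.append("subscriber is %d WAL bytes behind" % behind)
    return out

def ready_for_cutover(inst, replication_problems):
    problems = target_problems(inst) + replication_problems
    return (not problems, problems)

# Constructed sample: encrypted target, MySQL replica fully caught up.
TARGET = {"DBInstanceIdentifier": "example-encrypted", "DBInstanceStatus": "available",
          "StorageEncrypted": True, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}
CAUGHT_UP = {"Replica_IO_Running": "Yes", "Replica_SQL_Running": "Yes", "Seconds_Behind_Source": 0}
print(ready_for_cutover(TARGET, mysql_problems(CAUGHT_UP)))
```

Run the lag check only after application writes to the source have stopped, since a lag of 0 under live write traffic can change before the switch.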