I want to update the encryption key that my Amazon Relational Database Service (Amazon RDS) DB instances and snapshots use to a new encryption key.
Resolution
You can't change the encryption key that your Amazon RDS DB instance uses. However, you can create a copy of the RDS DB instance, and then choose a new encryption key for that copy.
Note: When you create a snapshot, data in unlogged tables might not restore.
To create a copy of an RDS DB instance with a new encryption key, complete the following steps:
- Open the Amazon Aurora and RDS console.
- In the navigation pane, choose Databases.
- Select your DB instance.
- Create a manual snapshot for your DB instance.
- In the navigation pane, choose Snapshots.
- Select the manual snapshot.
- Choose Actions, and then choose Copy Snapshot.
- Under Encryption, choose Enable Encryption.
- For AWS KMS Key, choose the new encryption key.
- Choose Copy snapshot.
- Restore the copied snapshot.
The new RDS DB instance uses your new encryption key.
Confirm that your data is in your new database and that your application uses the new database. Then, delete the original RDS DB instance.
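The console steps above, scripted with boto3 as an added example (this is not AWS's own code). The function names, the snapshot-name suffixes and the injected `rds` client are assumptions made here, and the key check assumes that `new_key_arn` is the full key ARN and that the describe calls report the key in that same form.

```python
"""Re-encrypt an RDS instance under a new KMS key: snapshot, copy, restore, verify."""


def require_key(resource, encrypted_field, expected_arn, label):
    # Refuse to continue if the resource is unencrypted or still on another key.
    if not resource.get(encrypted_field) or resource.get("KmsKeyId") != expected_arn:
        raise RuntimeError(f"{label} is not encrypted with {expected_arn}: "
                           f"got {resource.get('KmsKeyId')}")


def rekey_instance(rds, source_id, target_id, new_key_arn):
    """rds is a boto3 RDS client; returns the KMS key ARN of the restored instance."""
    snap = f"{source_id}-rekey-src"    # hypothetical snapshot names
    copy = f"{source_id}-rekey-copy"
    snapshot_ready = rds.get_waiter("db_snapshot_available")

    # Manual snapshot of the original instance.
    rds.create_db_snapshot(DBInstanceIdentifier=source_id, DBSnapshotIdentifier=snap)
    snapshot_ready.wait(DBSnapshotIdentifier=snap)

    # Copy the snapshot, choosing the new key for the copy.
    rds.copy_db_snapshot(SourceDBSnapshotIdentifier=snap,
                         TargetDBSnapshotIdentifier=copy, KmsKeyId=new_key_arn)
    snapshot_ready.wait(DBSnapshotIdentifier=copy)
    copied = rds.describe_db_snapshots(DBSnapshotIdentifier=copy)["DBSnapshots"][0]
    require_key(copied, "Encrypted", new_key_arn, f"snapshot {copy}")

    # Restore the copy as a new instance and check the key it reports.
    rds.restore_db_instance_from_db_snapshot(DBInstanceIdentifier=target_id,
                                             DBSnapshotIdentifier=copy)
    rds.get_waiter("db_instance_available").wait(DBInstanceIdentifier=target_id)
    restored = rds.describe_db_instances(DBInstanceIdentifier=target_id)["DBInstances"][0]
    require_key(restored, "StorageEncrypted", new_key_arn, f"instance {target_id}")
    return restored["KmsKeyId"]


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 4:
        sys.exit("usage: rekey.py SOURCE_INSTANCE_ID NEW_INSTANCE_ID NEW_KEY_ARN")
    import boto3  # needs AWS credentials and a region configured
    print(rekey_instance(boto3.client("rds"), *sys.argv[1:4]))
```

The script stops before the restore if the copied snapshot does not report the new key, and it never deletes the original instance; that stays a manual step after you confirm your data and application.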
Related information
Encrypting Amazon RDS resources
Backing up, restoring, and exporting data