Why encrypt an Aurora Read Replica when all instances share the same underlying storage

0

Hi there, I often seen it mention in the documentation that you can encrypt an Aurora Read-Replica, but since all instances share the same underlying storage and data is not encrypted in memory then what is the point of it? Thanks in advance.

질문됨 일 년 전224회 조회
1개 답변
-1

You can't create an encrypted Aurora Replica for an unencrypted Aurora DB cluster. You can't create an unencrypted Aurora Replica for an encrypted Aurora DB cluster. Ref: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Replication.html

Data that is encrypted at rest includes the underlying storage for DB clusters, its automated backups, read replicas, and snapshots. Ref: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Overview.Encryption.html

Amazon Aurora DB clusters support Secure Sockets Layer (SSL) connections from applications using the same process and public key as Amazon RDS DB instances. Ref: https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Security.html

profile pictureAWS
답변함 일 년 전
  • I appreciate you taking the time to respond to my question but you have not really answered the question. From the AWS Docs, it says the following "For an Amazon Aurora encrypted DB cluster, all DB instances, logs, backups, and snapshots are encrypted. You can also encrypt a read replica of an Amazon Aurora encrypted cluster" Why does it add the 2nd line saying you can also encrypt an read-replica? when if you encrypt a cluster all the underlying storage is encrypted, the read-replica uses that underlying storage it does not have independent data on its instance, i.e. there is nothing to encrypt on the read-replica, only logs are replicated over and changes in memory which is not encrypted, so I guess is this line incorrect and should not have been in the documentation? Thanks in advance.

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠