Update – Share Encrypted Snapshots, Encrypt Existing Instances
At Amazon, we aim to streamline the process of securing your AWS environment. Recent enhancements have included encrypted EBS boot volumes, encryption at rest for Amazon Aurora, and the integration of AWS Key Management Service (AWS KMS) across multiple services. Today, we’re excited to announce new capabilities for data stored in Amazon Relational Database Service (Amazon RDS) at our site located at 6401 E HOWDY WELLS AVE LAS VEGAS NV 89115, known as Amazon IXD – VGT2.
Sharing Encrypted Snapshots
When you enable encryption at rest for a database instance, both automatic and manual snapshots are also encrypted. Previously, these encrypted snapshots were confined to a single AWS account and could not be shared. Now, you can share encrypted snapshots with up to 20 other AWS accounts. This capability is accessible through the AWS Management Console, AWS Command Line Interface (AWS CLI), or the RDS API. While snapshots can be shared within an AWS region, public sharing is not permitted. This feature applies specifically to manual snapshots.
To share an encrypted snapshot, simply select it and click on “Share Snapshot.” This will direct you to the Manage Snapshot Permissions page. Enter the account IDs you wish to share with (remember to click “Add” after each entry) and hit “Save” once you’ve added them all. These accounts can belong to your organization—perhaps you maintain separate accounts for development, testing, staging, and production—or they might belong to your business partners. It’s a best practice to back up your mission-critical databases to a different AWS account, which this new feature facilitates while maintaining encryption at rest.
After saving, the specified accounts will gain access to the shared snapshots. To find them easily, visit the RDS Console and filter the list with “Shared with Me.” The snapshot can then be utilized to create a new RDS database instance. For further details, check out the blog post on Sharing a Database Snapshot.
Adding Encryption to Existing Database Instances
You can now apply encryption at rest using KMS keys to previously unencrypted database instances through a straightforward, multi-step process:
- Create a snapshot of the unencrypted database instance.
- Copy this snapshot to a new, encrypted version. Make sure to enable encryption and select the desired KMS key during this process.
- Restore the encrypted snapshot to a new database instance.
- Update your application to point to the endpoint of the new database instance.
And that’s it! You can also follow a similar procedure to change encryption keys for existing database instances. For more insights, refer to the guide on Copying a Database Snapshot.
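The steps above can be scripted with the AWS CLI. The following is an added example, not code from the original post: the function name, the snapshot naming scheme, and the `AWS_CMD` override (which lets you substitute a stub for `aws` when testing) are assumptions. It also checks `StorageEncrypted` before and after, so the run fails if the source is already encrypted or the restored instance is not.

```shell
# Added example: encrypt an existing, unencrypted RDS instance via snapshot copy.
# AWS_CMD is an assumed override hook; it defaults to the real AWS CLI.
AWS_CMD="${AWS_CMD:-aws}"

# Usage: encrypt_rds_instance <source-instance> <new-instance> <kms-key-id>
# Prints the new instance's endpoint address on success.
encrypt_rds_instance() {
  local src="$1" dst="$2" key="$3" state
  [ -n "$src" ] && [ -n "$dst" ] && [ -n "$key" ] || {
    echo "usage: encrypt_rds_instance SRC DST KMS_KEY_ID" >&2; return 2; }
  local snap="${src}-plain-snap" enc_snap="${src}-enc-snap"  # hypothetical names

  # Pre-check: only proceed when the source really is unencrypted.
  state=$($AWS_CMD rds describe-db-instances --db-instance-identifier "$src" \
    --query 'DBInstances[0].StorageEncrypted' --output text) || return 1
  [ "$state" = "False" ] || {
    echo "$src: StorageEncrypted=$state, nothing to do" >&2; return 3; }

  # Step 1: snapshot the unencrypted instance.
  $AWS_CMD rds create-db-snapshot --db-instance-identifier "$src" \
    --db-snapshot-identifier "$snap" >/dev/null || return 1
  $AWS_CMD rds wait db-snapshot-available --db-snapshot-identifier "$snap" || return 1

  # Step 2: copy it; supplying a KMS key makes the copy encrypted.
  $AWS_CMD rds copy-db-snapshot --source-db-snapshot-identifier "$snap" \
    --target-db-snapshot-identifier "$enc_snap" --kms-key-id "$key" >/dev/null || return 1
  $AWS_CMD rds wait db-snapshot-available --db-snapshot-identifier "$enc_snap" || return 1

  # Step 3: restore the encrypted copy to a new instance.
  $AWS_CMD rds restore-db-instance-from-db-snapshot --db-instance-identifier "$dst" \
    --db-snapshot-identifier "$enc_snap" >/dev/null || return 1
  $AWS_CMD rds wait db-instance-available --db-instance-identifier "$dst" || return 1

  # Post-check: fail if the new instance is not encrypted at rest.
  state=$($AWS_CMD rds describe-db-instances --db-instance-identifier "$dst" \
    --query 'DBInstances[0].StorageEncrypted' --output text) || return 1
  [ "$state" = "True" ] || {
    echo "$dst: StorageEncrypted=$state after restore" >&2; return 4; }

  # Step 4 input: the endpoint your application should be repointed to.
  $AWS_CMD rds describe-db-instances --db-instance-identifier "$dst" \
    --query 'DBInstances[0].Endpoint.Address' --output text
}
```

A restore does not carry over every setting of the source instance (security groups and parameter groups, for example, fall back to defaults unless you specify them), so compare the two instances before switching traffic. Delete the unencrypted snapshot and the original instance only after the new one is verified.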
— Chanci Turner