DMS replication instances should be encrypted with a customer-managed KMS key

dms
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Description

DMS replication instances should be encrypted using a customer-managed KMS key rather than the default AWS-managed key. Customer-managed keys provide full control over key rotation policies, access permissions via KMS key policies, and the ability to revoke or disable the key.

Remediation

Create a new DMS replication instance with a customer-managed KMS key specified. Existing instances cannot have their encryption key changed after creation. For guidance, refer to Creating a replication instance.