- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Amazon RDS-encrypted database instances use the industry standard AES-256 encryption algorithm to encrypt your data on the server hosting your Amazon RDS DB instances. After your data is encrypted, Amazon RDS handles the authentication of access and decryption of your data transparently with a minimal impact on performance.
With RDS encryption enabled, the data stored on the instance’s underlying storage, the automated backups, read replicas, and snapshots, are all encrypted.
Follow the Enabling Amazon RDS encryption for a DB instance documentation to ensure your database instances are encrypted.
Run describe-db-instances
with an instance identifier query to list RDS database names.
aws rds describe-db-instances \
--query 'DBInstances[*].DBInstanceIdentifier'
Run create-db-snapshot
with any returned database instance you wish to modify.
aws rds create-db-snapshot \
--db-snapshot-identifier <insert-db-snapshot-id> \
--db-instance-identifier <insert-db-id>
Run list-aliases
to list KMS keys aliases by region.
aws kms list-aliases \
--region <insert-region>
Run copy-db-snapshot
with the kms-key-id
returned in step 3.
aws rds copy-db-snapshot \
--region <insert-region> \
--source-db-snapshot-identifier <insert-original-db-snapshot-id> \
--target-db-snapshot-identifier <insert-encrypted-db-snapshot-id> \
--copy-tags \
--kms-key-id <insert-kms-key-id>
Run restore-db-instance-from-db-snapshot
to restore the previously created snapshot.
aws rds restore-db-instance-from-db-snapshot \
--region <insert-region> \
--db-instance-identifier <insert-encrypted-db-id> \
--db-snapshot-identifier <insert-encrypted-db-snapshot-id>
Run describe-db-instances
with a query to ensure database encryption.
aws rds describe-db-instances \
--region <insert-region> \
--db-instance-identifier <insert-encrypted-db-snapshot-id> \
--query 'DBInstances[*].StorageEncrypted'