在现有数据库上启用加密-AWS RDS Postgresql
[英]Enable encryption on existing database - AWS RDS Postgresql
问题描述
I have an AWS RDS postgresql database that was provisioned via terraform with encryption disabled: storage_encrypted = false 
我有一个通过禁用禁用加密的terraform设置的AWS RDS postgresql数据库: storage_encrypted = false
This database needs to be encrypted now but I can see from the docs that enabling encryption is something that can only be done during DB creation. 现在需要对该数据库进行加密,但是我从文档中可以看到,启用加密是只能在数据库创建期间完成的事情。
I was considering creating a read replica of this instance with encryption enabled and then promoting this replica to be a standalone instance and finally pointing my app to this new instance. 我当时正在考虑为此实例创建一个启用了加密的只读副本,然后将该副本提升为独立实例,最后将我的应用程序指向该新实例。 Is there a simpler way? 有没有更简单的方法?
1 个解决方案
解决方案1
0 已采纳 2019-08-15 16:48:16
One of the ways to achieve this in a non-production environment is as follows - 在非生产环境中实现此目标的方法之一如下:
- Stop writes on the instance, ie. 停止在实例上写入,即。 stop the applications writing to the RDS tables 停止将应用程序写入RDS表
- Create a manual snapshot of the unencrypted RDS instance 创建未加密的RDS实例的手动快照
- Go to Snapshots from the left panel and choose the snapshot just created 从左侧面板转到快照,然后选择刚创建的快照
- From the Actions, choose Copy snapshot option and enable encryption 在“操作”中,选择“复制快照”选项并启用加密
- Select the new encrypted snapshot 选择新的加密快照
- Go to Actions and select Restore snapshot 转到“操作”,然后选择“还原快照”
For a minimal downtime switch follow this - 为了减少停机时间,请遵循以下步骤-
https://aws.amazon.com/premiumsupport/knowledge-center/rds-encrypt-instance-mysql-mariadb/ https://aws.amazon.com/premiumsupport/knowledge-center/rds-encrypt-instance-mysql-mariadb/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.