Enable encryption on existing database - AWS RDS Postgresql
Question
I have an AWS RDS postgresql database that was provisioned via terraform with encryption disabled: storage_encrypted = false
This database needs to be encrypted now but I can see from the docs that enabling encryption is something that can only be done during DB creation.
I was considering creating a read replica of this instance with encryption enabled and then promoting this replica to be a standalone instance and finally pointing my app to this new instance. Is there a simpler way?
1 answers
solution1
0 ACCPTED 2019-08-15 16:48:16
One of the ways to achieve this in a non-production environment is as follows -
- Stop writes on the instance, ie. stop the applications writing to the RDS tables
- Create a manual snapshot of the unencrypted RDS instance
- Go to Snapshots from the left panel and choose the snapshot just created
- From the Actions, choose Copy snapshot option and enable encryption
- Select the new encrypted snapshot
- Go to Actions and select Restore snapshot
For a minimal downtime switch follow this -
https://aws.amazon.com/premiumsupport/knowledge-center/rds-encrypt-instance-mysql-mariadb/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.