Part 1: Amazon RDS

ARTIFACTORY: How to Encrypt an Unencrypted RDS PostgreSQL Database
AuthorFullName__c
Joey Naor
articleNumber
000004868
ft:sourceType
Salesforce
FirstPublishedDate
2020-09-29T08:22:49Z
lastModifiedDate
2024-03-10T07:47:42Z
VersionNumber
8
(taken directly from Amazon’s documentation):
  1. Choose the RDS DB instance that you want to encrypt, making sure to check the instance details to confirm that it hasn’t already been encrypted.
  2. Next, choose Actions and then select Take Snapshot. In the Take DB Snapshot window, type the name of the snapshot you are about to take. Then, click Take Snapshot. Note: Depending on the storage size of your instance, the backup process might take a few minutes.
  3. In your navigation pane, choose the snapshot you’ve created. Select Actions and then choose Copy Snapshot. In the Make Copy of DB Snapshot window, type a name for your snapshot copy in the New DB Snapshot Identifier field. Tick the Copy Tags checkbox so your snapshot will be assigned the same tags and values as your source snapshot. Tick the Enable Encryption checkbox. At this point, you’ll have the option to choose the default AWS Secrets Manager encryption key or a custom key by choosing it from the Master Key list.
  4. Open the Amazon RDS console. In the navigation pane, choose Snapshots and then select the copy of the snapshot you created in Step #3. Under Actions, choose Restore Snapshot. This will restore the encrypted snapshot to a new DB instance. 
  5. On the Restore DB Instance page, in the DB Instance Identifier field, type a unique name for your new DB instance. Review the instance configuration details and then select Restore DB Instance
  6. Check the instance details to confirm that it has been encrypted.
  7. Verify that the data in your encrypted RDS DB instance following migration is the same as that which is in your unencrypted DB records.