Step 5. Enable Encryption
[This step applies only if you have selected the Restore to new location, or with different settings option at the Restore Mode step of the wizard]
At the Encryption step of the wizard, choose whether the restored RDS instance must be encrypted with AWS KMS keys:
- If you do not want to encrypt the RDS instance or want to apply the existing encryption scheme, select the Use original encryption scheme option.
- If you want to encrypt the RDS instance, select the Restore as encrypted instance option and choose the necessary KMS key from the Encryption key list.
For a KMS key to be displayed in the list of available encryption keys, it must be stored in the AWS Region selected at step 4 and the IAM role specified for the restore operation must have permissions to the key. For more information on KMS keys, see AWS Documentation.