Step 5. Enable Encryption

In this article

    [This step applies only if you have selected the Restore to a new location, or with different settings option at the Restore Mode step of the wizard]

    At the Encryption step of the wizard, choose whether the restored RDS instance must be encrypted with AWS Key Management Service (AWS KMS) customer master keys (CMKs):

    • If you do not want to encrypt the RDS instance or want to apply the existing encryption scheme, select the Use original encryption scheme option.
    • If you want to encrypt the RDS instance, select the Restore as encrypted instance option and choose the necessary CMK from the Encryption key list.

    For a CMK to be displayed in the list of available encryption keys, it must be stored in the AWS Region selected at step 4 and the IAM role specified for the restore operation must have permissions to the CMK.  For more information on CMKs, see AWS Documentation.

    Step 5. Enable Encryption 

    Related Resources

    AWS Key Management Service concepts