Step 5. Enable Encryption
[This step applies only if you have selected the Restore to a new location, or with different settings option at the Restore Mode step of the wizard]
At the Encryption step of the wizard, choose whether the restored RDS instance must be encrypted with AWS Key Management Service (AWS KMS) customer master keys (CMKs):
- If you do not want to encrypt the RDS instance or want to apply the existing encryption scheme, select the Use original encryption scheme option.
- If you want to encrypt the RDS instance, select the Restore as encrypted instance option and choose the necessary CMK from the Encryption key list.
For a CMK to be displayed in the list of available encryption keys, it must be stored in the AWS Region selected at step 4 and the IAM role specified for the restore operation must have permissions to the CMK. For more information on CMKs, see AWS Documentation.