Currently AWS does not support to modify existing unencrypted
Amazon RDS DB instance to encrypt the instance. Also, it does not support to create
an encrypted read replica from an unencrypted instance.
To Modify existing unencrypted Amazon RDS DB instance to
encrypt instance we have follow the following steps.
Step1 : Take the snapshot of existing unencrypted RDS instance
Step2: Convert unencrypted snapshot to encrypted snapshot
Step3: Restore the new RDS MYSQL instance from encrypted snapshot
Step4: Switch your application connections to new database
Before doing this, we must plan a proper downtime if we do a
live database. We need to make sure as part of this process no transaction needs
to be performed in the existing RDS instance otherwise we will have data loss.
If we have to minimize the downtime, we need to create a read
replica to perform this step.
Step1 : Take the snapshot of existing unencrypted RDS instance
2. Select the Action dropdown button and click Take Snapshot
3. Enter the snapshot name and click Take
Snapshot button
Step2: Convert unencrypted snapshot to encrypted snapshot
1.
Go the snapshot and select the recent snapshot
2.
In the action drop down button select Copy Snapshot
3. Enter the new snapshot name, region, select encrypt key and Copy snapshot
Step3: Restore the new RDS MYSQL instance from encrypted snapshot
1. 1. Select the encrypted snapshot
2. 2. From the action drop down button select Restore
Snapshot
3. 3. In the restore snapshot screen, enter new database
name, VPC, Security group and Restore DB instance
No comments:
Post a Comment