Encrypting Un-Encrypted Amazon RDS Database Instance

This is the scenario that prompted this article.

"Suppose you created an RDS DB instance with encryption disabled. As time goes by, your project becomes bigger and you begin to store more sensitive data. Aware of the security risks to your data, you go to the AWS console to check whether your database is encrypted. Shockingly, you find out the database is totally unencrypted. When you try to encrypt it, you find there is no option to do so."

Before we find a solution to the scenario, let's first look at Amazon RDS. Amazon RDS is a fully managed, cloud relational database service that offers high availability and throughput. High availability means that your database will be deployed across multiple Availability Zones and the read replicas will ensure that you experience no data loss in the event of a failure.

Amazon RDS supports the following database engines: MySQL, PostgreSQL, MariaDB, Oracle DB and Microsoft SQL Server. This means the applications, code and tools are already familiar, which makes Amazon RDS easy to use.

Amazon RDS engines: Amazon Aurora, Oracle DB, PostgreSQL, MySQL Server, MariaDB

The easiest way to create your database instance is to log in to your AWS console, go to Services, select RDS and, on the RDS dashboard, click create database. The page that you are directed to has all the details you need to set up your database instance. Before you hit that create db button, you will have specified the engine type, DB instance class, storage options, availability and durability, connectivity, database authentication and basic database configuration details like the database name and login details.

In the above scenario, an option to encrypt the database was presented but you chose to uncheck it, and that's why we are in that scenario. The encryption option is under the 'Advance Configuration' tab on the create database page. By default the option is checked, meaning that if you created the database without making any changes to this section, the database would be encrypted.

additional config with encryption checked

This is what you see when you go to check whether your database is encrypted or not. Click on your database name and check the configurations tab.

database not encrypted

Here are the steps to follow to encrypt your un-encrypted database instance.

  1. Create a snapshot of your current database. This creates a copy of your database as is.
  2. Make a copy of your snapshot created above and enable encryption.
  3. Restore your database from the encrypted snapshot.
  4. Rename your restored database instance to your original name. This is to make sure that the new encrypted database has the same endpoints as your original database to avoid any conflicts in connections. You can also rename your original database to your preferred name.
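
The four steps above as an AWS CLI script, added here as an example and not taken from the original article. The snapshot and instance name suffixes, the `DRY_RUN` switch and the function names are assumptions; the script also checks `StorageEncrypted` on the restored instance before it swaps the names.

```shell
#!/bin/sh
# Added example, not the article's code. Identifiers and suffixes are assumptions.
# Pause application writes first: changes made after step 1 are not in the snapshot.
set -eu

# Execute a command, or only print it when DRY_RUN=1 so the plan can be reviewed.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Renames are asynchronous: poll until the instance answers under the given name.
wait_for_instance() {
  if [ "${DRY_RUN:-0}" != 1 ]; then
    until aws rds describe-db-instances --db-instance-identifier "$1" >/dev/null 2>&1
    do sleep 30; done
  fi
  run aws rds wait db-instance-available --db-instance-identifier "$1"
}

encrypt_rds_instance() {
  db="$1"; kms="$2"
  snap="$db-snap"; enc_snap="$db-snap-encrypted"
  new="$db-encrypted"; old="$db-unencrypted"
  # 1. Snapshot the unencrypted instance.
  run aws rds create-db-snapshot --db-instance-identifier "$db" --db-snapshot-identifier "$snap"
  run aws rds wait db-snapshot-available --db-snapshot-identifier "$snap"
  # 2. Copy the snapshot; supplying a KMS key makes the copy encrypted.
  run aws rds copy-db-snapshot --source-db-snapshot-identifier "$snap" \
    --target-db-snapshot-identifier "$enc_snap" --kms-key-id "$kms"
  run aws rds wait db-snapshot-available --db-snapshot-identifier "$enc_snap"
  # 3. Restore a new instance from the encrypted copy.
  run aws rds restore-db-instance-from-db-snapshot \
    --db-instance-identifier "$new" --db-snapshot-identifier "$enc_snap"
  wait_for_instance "$new"
  # Refuse to cut over unless the restored instance reports encrypted storage.
  if [ "${DRY_RUN:-0}" != 1 ]; then
    enc=$(aws rds describe-db-instances --db-instance-identifier "$new" \
      --query 'DBInstances[0].StorageEncrypted' --output json)
    [ "$enc" = "true" ] || { echo "$new is not encrypted" >&2; return 1; }
  fi
  # 4. Free the original name, then give it to the encrypted instance.
  run aws rds modify-db-instance --db-instance-identifier "$db" \
    --new-db-instance-identifier "$old" --apply-immediately
  wait_for_instance "$old"
  run aws rds modify-db-instance --db-instance-identifier "$new" \
    --new-db-instance-identifier "$db" --apply-immediately
  wait_for_instance "$db"
}

# Usage: DRY_RUN=1 sh encrypt-rds.sh <db-instance-id> <kms-key-id-or-alias>
if [ "$#" -ge 2 ]; then encrypt_rds_instance "$1" "$2"; fi
```

Running it with `DRY_RUN=1` prints the ten AWS CLI calls in order without touching the account.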

The truth is, this process takes a while depending on the size of your database instance but you end up with an encrypted database!!

Most of the resources here I got from AWS and Whizlabs as I prepare to write my Solutions Architect Certification. For further reading on AWS RDS, visit https://aws.amazon.com/rds/faqs/ . ADIOS!
