![]() ![]() Perform logical replication on the restored database for change data capture.Restore the snapshot to a new database instance with encryption enabled.Enable native PostgreSQL replication on the unencrypted source database and take a manual snapshot. ![]() This solution carries out the conversion in four high-level steps: You can use the same solution for switching the encryption key from an AWS managed key to a customer managed key for an existing encrypted Amazon RDS for PostgreSQL or Amazon Aurora database. ![]() If your applications are sensitive to down time duration, then you can follow the second approach and use logical replication to minimize downtime. One is by using the Amazon RDS console, which is a straightforward approach but requires some down time. The encryption of database at rest provides an additional layer of protection from unauthorized access to data.Ĭonverting an unencrypted RDS for PostgreSQL or Amazon Aurora PostgreSQL database to encryptedįor an encrypted database instance data on storage, transaction logs, backups, and snapshots are encrypted. Logical replication is commonly used for data migration from on premises to Amazon RDS or Amazon Aurora PostgreSQL-Compatible Edition.Īs an Amazon RDS and Aurora security best practice, you must encrypt your databases and snapshots at rest and in transit. Amazon RDS for PostgreSQL and Amazon Aurora PostgreSQL-Compatible Edition support logical replication with decoding plugins such as pglogical and pgoutput. PostgreSQL logical replication uses a publish and subscribe model with one or more subscribers, subscribing to one or more publications on a publisher node. This solution uses database Snapshot and PostgreSQL logical replication.Īmazon RDS offers two types of snapshots automatic and manual. In this post, we show a solution to create an encrypted database from their existing unencrypted database and cut over with the least disruption to applications. Recently one of our customers, asked us to help them encrypt their unencrypted Amazon Relational Database Service (Amazon RDS) for PostgreSQL. ![]()
0 Comments
Leave a Reply. |