A company's legacy application is currently relying on a single-instance Amazon RDS MySQL database without encryption. Due to new compliance requirements, all existing and new data in this database must be encrypted. How should this be accomplished?
A. Create an Amazon S3 bucket with server-side encryption enabled. Move all the data to Amazon S3. Delete the RDS instance.
B. Enable RDS Multi-AZ mode with encryption at rest enabled. Perform a failover to the standby instance to delete the original instance.
C. Take a Snapshot of the RDS instance. Create an encrypted copy of the snapshot. Restore the RDS instance from the encrypted snapshot.
D. Create an RDS read replica with encryption at rest enabled. Promote the read replica to master and switch the application over to the new master. Delete the old RDS instance.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
You can only encrypt an Amazon RDS DB instance when you create it, not after the DB instance is created.
However, because you can encrypt a copy of an unencrypted snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance. For more information, see Copying a DB snapshot.
C is missing a key component of the question. It doesn't say that after restoring the old RDS in an encrypted way the new data that will enter the RDS will also be encrypted. Only for that I vote D.
C for sure.
You can only enable encryption for an Amazon RDS DB instance when you create it, not after the DB instance is created.
However, because you can encrypt a copy of an unencrypted snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
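The snapshot, encrypted copy and restore sequence quoted from the AWS documentation above, written out with the AWS CLI as an added example (not part of the original discussion). The instance names, snapshot names and the `alias/aws/rds` key are placeholder assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: snapshot -> encrypted copy -> restore for an RDS instance.
# Every identifier below is a placeholder (assumption), not a value from the page.
set -eu

SRC_DB="${SRC_DB:-legacy-mysql}"            # existing unencrypted instance
NEW_DB="${NEW_DB:-legacy-mysql-encrypted}"  # instance restored from the encrypted copy
KMS_KEY="${KMS_KEY:-alias/aws/rds}"         # KMS key for the encrypted snapshot copy
SNAP="${SRC_DB}-plain-snap"
ENC_SNAP="${SRC_DB}-enc-snap"
DRY_RUN="${DRY_RUN:-1}"                     # 1 = only print the aws commands

# Execute an aws CLI call, or print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "aws $*"; else aws "$@"; fi
}

migrate() {
  # 1. Snapshot the unencrypted instance.
  run rds create-db-snapshot --db-instance-identifier "$SRC_DB" \
      --db-snapshot-identifier "$SNAP"
  run rds wait db-snapshot-available --db-snapshot-identifier "$SNAP"
  # 2. Copy the snapshot; passing a KMS key makes the copy encrypted.
  run rds copy-db-snapshot --source-db-snapshot-identifier "$SNAP" \
      --target-db-snapshot-identifier "$ENC_SNAP" --kms-key-id "$KMS_KEY"
  run rds wait db-snapshot-available --db-snapshot-identifier "$ENC_SNAP"
  # 3. Restore a new instance from the encrypted copy.
  run rds restore-db-instance-from-db-snapshot \
      --db-instance-identifier "$NEW_DB" --db-snapshot-identifier "$ENC_SNAP"
  run rds wait db-instance-available --db-instance-identifier "$NEW_DB"
}

# Succeeds only if the instance reports StorageEncrypted = true.
is_encrypted() {
  [ "$(aws rds describe-db-instances --db-instance-identifier "$1" \
        --query 'DBInstances[0].StorageEncrypted' --output text)" = "True" ]
}

migrate
if [ "$DRY_RUN" != 1 ]; then
  is_encrypted "$NEW_DB" || { echo "$NEW_DB is not encrypted" >&2; exit 1; }
  echo "$NEW_DB: storage encryption confirmed"
fi
```

The restore creates a separate instance with its own endpoint, so the application has to be repointed to it before the unencrypted instance is retired.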