A company uses an Amazon RDS for PostgreSQL DB instance for its customer relationship management (CRM) system. New compliance requirements specify that the database must be encrypted at rest. Which action will meet these requirements?
A.
Create an encrypted copy of manual snapshot of the DB instance. Restore a new DB instance from the encrypted snapshot.
B.
Modify the DB instance and enable encryption.
C.
Restore a DB instance from the most recent automated snapshot and enable encryption.
D.
Create an encrypted read replica of the DB instance. Promote the read replica to a standalone instance.
This page has detailed steps for MySQL and Maria in terms of the encryption of an unencrypted RDS instance.
https://aws.amazon.com/premiumsupport/knowledge-center/rds-encrypt-instance-mysql-mariadb/
From the reference: You can only enable encryption for an Amazon RDS DB instance when you create it, not after the DB instance is created.
However, because you can encrypt a copy of an unencrypted snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance. For more information, see Copying a snapshot.
A. Answer -> Answering to my own question: No! I've just tried to restore unencrypted manual and automatic snapshots into an encrypted db instance and it isn't allowed. If you want to launch an encrypted rds instance, you need to create an encrypted copy of the unencrypted snapshot.
Sign in to the AWS Management Console and navigate to the Amazon RDS dashboard.
Select the DB instance that you want to encrypt.
Click the "Modify" button.
In the "Encryption" section, select the option to "Enable encryption".
Choose the KMS encryption key that you want to use or create a new one.
Click "Continue" and review the summary of changes.
Click "Modify DB instance" to apply the changes.
Note that the encryption process will initiate a snapshot of the DB instance, encrypt it, and restore the encrypted data from the snapshot, so there will be a brief period of downtime while the encryption process is completed.
D. is correct.
Create Read Replica encrypted enable and promote standalone instance.
A. The snapshot doesn't encrypred option.
B. Unencrypted instance is not enable encrypted.
C. Also automated snapshot is not enable encrypted.
You can only encrypt an Amazon RDS DB instance when you create it, not after the DB instance is created.
However, because you can encrypt a copy of an unencrypted snapshot, you can effectively add encryption to an unencrypted DB instance. That is, you can create a snapshot of your DB instance, and then create an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot, and thus you have an encrypted copy of your original DB instance
A is correct, from the page DMS used for ongoing replication.
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
AWS DMS – You can use AWS Database Migration Service (AWS DMS) to replicate changes from the source DB to the target DB. It is important to keep the source and target DB in sync to keep downtime to a minimum. For information about setting up AWS DMS and creating tasks, see the AWS DMS documentation.
A - is wrong, something has changed recently.
I took a snapshot and tried to copy and encrypt it, it does not allows unencrypted to encrypted.
The best option is C, C works as is take any snapshot or manual snapshot and restore to new encrypted cluster.
A - correct
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
You can enable encryption for an Amazon RDS DB instance when you create it, but not after it's created. However, you can add encryption to an unencrypted DB instance by creating a snapshot of your DB instance, and then creating an encrypted copy of that snapshot. You can then restore a DB instance from the encrypted snapshot to get an encrypted copy of your original DB instance. The pattern uses AWS Database Migration Service (AWS DMS) to migrate data and AWS Key Management Service (AWS KMS) for encryption.
All aswer is erro, is necessary utilization DMS
https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
shantest1
Highly Voted 3 years, 7 months agoscottkerker
3 years, 5 months agotoppic26
3 years, 6 months agoDantas
3 years, 4 months agoDantas
3 years, 2 months agoredman50
Most Recent 2 years, 1 month agomegadba
2 years, 10 months agominhntm
2 years, 10 months agoniau
2 years, 11 months agopraffuln
2 years, 12 months agonovice_expert
3 years agotugboat
3 years, 2 months agotugboat
3 years, 2 months agokped21
3 years, 2 months agoSisun
3 years, 4 months agoakiraklaus
3 years, 5 months agoChauPhan
3 years, 6 months agoAesthet
3 years, 6 months agoagrawalachin
3 years, 7 months ago