Amazon Aurora further strengthens your security posture by automatically applying server-side encryption by default to all new databases clusters, created starting today, using AWS-owned keys. This encryption is fully managed, transparent to users, with no cost or performance impact.
Aurora now automatically encrypts all new database clusters created without custom encryption settings using server-side encryption by default. Existing clusters remain unaffected and you can continue using the current encryption configuration with customer-managed or AWS-managed KMS keys. This automatic encryption only applies to new clusters where no encryption configuration is provided. You cannot disable encryption on new clusters, but can choose customer-managed or AWS-managed KMS keys instead of server side encryption during cluster creation. Server side encryption provides encryption protection without requiring you to provision, rotate, or manage keys.
This update is available in all AWS Regions, including the AWS GovCloud (US) Regions. To learn more about encryption at rest, refer to our blog or see Aurora encryption documentation.
Categories: marketing:marchitecture/databases,general:products/amazon-aurora
Source: Amazon Web Services
