
A simple guide to Transparent Data Encryption in AWS RDS SQL Server

Does AWS RDS SQL Server support built-in SQL Server Transparent Data Encryption (TDE)? Yes is the short answer, but there are some limitations.

Before I dive into the AWS RDS SQL Server TDE limitations: this post discusses SQL Server TDE, as opposed to RDS Encryption, which covers Aurora, MySQL, MariaDB, PostgreSQL, Oracle and SQL Server.

RDS SQL Server supports TDE, but there are some limitations placed by AWS:


1) AWS RDS SQL Server doesn't support importing or exporting TDE certificates. If you attempt to execute a CREATE CERTIFICATE statement you will receive a permission restriction message; the same applies if you attempt a BACKUP CERTIFICATE.
2) You can create native backups of Transparent Data Encryption (TDE)-enabled databases, but you can't restore those backups to on-premises databases.
3) You can't restore native backups of TDE-enabled on-premises databases onto an AWS RDS SQL Server instance.
4) You can’t restore TDE-encrypted database backups to or from another server.

To migrate on-prem TDE-enabled databases, alternatives to backup/restore are required, such as:
- disable TDE and then backup/restore
- transfer objects straight into the database
- DMS

Enabling TDE on an AWS RDS SQL Server instance uses the same command set as on-prem. The SQL below is a demo showing that the code and sequence are similar. One significant difference is how TDE is made available: on an RDS instance you associate an option group with the instance, i.e. create a new option group (e.g. "sqlserver-tde") with the option TRANSPARENT_DATA_ENCRYPTION.

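-- Create the demo database
CREATE DATABASE myTDEDB
GO
USE [master]
GO
-- Find the RDS-provided TDE certificate in master
SELECT name FROM sys.certificates WHERE name LIKE 'RDSTDECertificate%'
-- Example result: RDSTDECertificate22222222222
GO
USE [myTDEDB]
GO
-- Create the database encryption key, protected by the RDS certificate found above
CREATE DATABASE ENCRYPTION KEY
WITH ALGORITHM = AES_128
ENCRYPTION BY SERVER CERTIFICATE [RDSTDECertificate22222222222]
GO
-- Turn on encryption for the database
ALTER DATABASE [myTDEDB]
SET ENCRYPTION ON
GO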

Read more on TDE

Impact on TDE encryption in progress on SQL Server restart

How to measure Transparent Data Encryption (TDE) Performance




This post first appeared on SQLSERVER-DBA.com, please read the original post: here
