Configuring database encryption using the Amazon Redshift API and AWS CLI

Use the Amazon Redshift API and AWS Command Line Interface (AWS CLI) to configure encryption key options for Amazon Redshift databases. For more information about database encryption, see Amazon Redshift database encryption.

Configuring Amazon Redshift to use AWS KMS encryption keys using the Amazon Redshift API and AWS CLI

You can use the following Amazon Redshift API actions to configure Amazon Redshift to use AWS KMS encryption keys.

• CreateCluster

• CreateSnapshotCopyGrant

• DescribeSnapshotCopyGrants

• DeleteSnapshotCopyGrant

• DisableSnapshotCopy

• EnableSnapshotCopy

You can use the following Amazon Redshift CLI operations to configure Amazon Redshift to use AWS KMS encryption keys.

• create-cluster

• create-snapshot-copy-grant

• describe-snapshot-copy-grants

• delete-snapshot-copy-grant

• disable-snapshot-copy

• enable-snapshot-copy

Configuring Amazon Redshift to use an HSM using the Amazon Redshift API and AWS CLI

You can use the following Amazon Redshift API actions to manage hardware security modules.

• CreateHsmClientCertificate

• CreateHsmConfiguration

• DeleteHsmClientCertificate

• DeleteHsmConfiguration

• DescribeHsmClientCertificates

• DescribeHsmConfigurations

You can use the following AWS CLI operations to manage hardware security modules.

• create-hsm-client-certificate

• create-hsm-configuration

• delete-hsm-client-certificate

• delete-hsm-configuration

• describe-hsm-client-certificates

• describe-hsm-configurations

Rotating encryption keys using the Amazon Redshift API and AWS CLI

You can use the following Amazon Redshift API actions to rotate encryption keys.

• RotateEncryptionKey

You can use the following AWS CLI operations to rotate encryption keys.

• rotate-encryption-key