Configuring database encryption using the console - Amazon Redshift

Configuring database encryption using the console

You can use the Amazon Redshift console to configure Amazon Redshift to use an HSM and to rotate encryption keys. For information about how to create clusters using AWS KMS encryption keys, see Creating a cluster and Managing clusters using the AWS CLI and Amazon Redshift API.

To modify database encryption on a cluster
  1. Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/.

  2. On the navigation menu, choose Clusters, then choose the cluster that you want to move snapshots for.

  3. For Actions, choose Modify to display the configuration page.

  4. In the Database configuration section, choose a setting for Encryption, then choose Modify cluster.

Rotating encryption keys using the Amazon Redshift console

You can use the following procedure to rotate encryption keys by using the Amazon Redshift console.

To rotate the encryption keys for a cluster
  1. Sign in to the AWS Management Console and open the Amazon Redshift console at https://console.aws.amazon.com/redshiftv2/.

  2. On the navigation menu, choose Clusters, then choose the cluster that you want to update encryption keys.

  3. For Actions, choose Rotate encryption to display the Rotate encryption keys page.

  4. On the Rotate encryption keys page, choose Rotate encryption keys.