Amazon RDS now supports Read Replicas of Encrypted Database Instances across Regions

Posted on: Jan 23, 2017

Starting today, you can easily create cross-region read replicas for your Amazon RDS for MariaDB, MySQL and PostgreSQL database instances encrypted at rest with AWS Key Management Service (KMS). Previously, you could create cross-region read replicas for unencrypted database instances only, and the only option for creating copies of encrypted database instances was to copy encrypted DB snapshots to the target region. Now, you can create cross-region read replicas for your encrypted database instances in just a few clicks on the AWS Management Console.

To create a cross-region read replica for your encrypted database instance, simply select the target region and an encryption key for that region. You can use your own encryption key or the default encryption key for Amazon RDS that is created by AWS KMS in each region. Amazon RDS takes a snapshot of the source instance and creates a read-only instance from the snapshot in the target region. Amazon RDS uses the engines' native asynchronous replication to update the read replica whenever there is a change to the source DB instance.
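The region and key selection described above, as an added example (not code from AWS or from this announcement): a Python pre-flight check that builds the parameters for boto3's `create_db_instance_read_replica` and rejects a KMS key ARN that does not belong to the target region. The function names, account ID, instance names and key ID are constructed placeholders.

```python
import re

# arn:aws:<service>:<region>:<12-digit account>:<resource>, commercial partition only
ARN_RE = re.compile(r"^arn:aws:(rds|kms):([a-z0-9-]+):(\d{12}):(.+)$")

def arn_region(arn, service):
    """Return the region embedded in an ARN of the expected service."""
    m = ARN_RE.match(arn)
    if not m or m.group(1) != service:
        raise ValueError(f"not a {service} ARN: {arn!r}")
    return m.group(2)

def replica_request(source_db_arn, target_region, replica_id, kms_key):
    """Build kwargs for rds.create_db_instance_read_replica (hypothetical helper).

    A cross-region source must be named by ARN. KMS keys are regional, so a
    key ARN must point at the target region; a bare key ID or alias name
    (e.g. the RDS default, alias/aws/rds) resolves in the target region.
    """
    source_region = arn_region(source_db_arn, "rds")
    if source_region == target_region:
        raise ValueError("source and target are the same region")
    if kms_key.startswith("arn:"):
        key_region = arn_region(kms_key, "kms")
        if key_region != target_region:
            raise ValueError(
                f"KMS key is in {key_region}, replica is in {target_region}")
    return {
        "DBInstanceIdentifier": replica_id,
        "SourceDBInstanceIdentifier": source_db_arn,
        "KmsKeyId": kms_key,
        "SourceRegion": source_region,  # boto3 uses this to presign the request
    }

def create_replica(params, target_region):
    """Send the request from the target region (needs boto3 and credentials)."""
    import boto3
    rds = boto3.client("rds", region_name=target_region)
    return rds.create_db_instance_read_replica(**params)

# Constructed sample values, not real resources.
SOURCE = "arn:aws:rds:us-east-1:123456789012:db:orders"
KEY_EU = ("arn:aws:kms:eu-west-1:123456789012:"
          "key/11111111-2222-3333-4444-555555555555")

if __name__ == "__main__":
    print(replica_request(SOURCE, "eu-west-1", "orders-replica", KEY_EU))
```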

This new feature supports a variety of use cases, ranging from lower read latencies for geographically distributed applications to disaster recovery solutions with very low downtime. Amazon RDS allows you to promote a read replica to source status and then redirect database traffic to the new source.

You can create read replicas of database instances between all commercial AWS regions. This feature is supported in MySQL version 5.5 and higher, MariaDB version 10.0 and higher, and PostgreSQL version 9.3.5 and higher.

For more details on creating a cross-region read replica of an encrypted DB instance, please refer to the Amazon RDS User Guide.