Amazon RDS for SQL Server now supports migrating Transparent Data Encrypted databases across AWS accounts by backing up the TDE certificate and database to S3, sharing the KMS key, re-encrypting the certificate with the destination KMS key, and restoring the database in the target account.

<div>
<p>This article provides a step-by-step guide for backing up and restoring Transparent Data Encrypted (TDE) databases from Amazon RDS for SQL Server across different AWS accounts.</p>
<p>Specifically, the article covers:</p>
<ul>
<li>Prerequisites for the solution</li>
<li>Solution overview and architecture diagram</li>
<li>Backing up the TDE certificate and database from the source account to an S3 bucket</li>
<li>Extracting the ciphertext-blob from the S3 metadata and sharing the KMS key</li>
<li>Decrypting the ciphertext in the target account and creating a new KMS key</li>
<li>Restoring the TDE certificate and database in the target account</li>
<li>Clean up steps to remove the resources created</li>
</ul>
<p>The article concludes by highlighting the importance of TDE for data security and providing a solution for migrating TDE-enabled databases across AWS accounts.</p>
</div>


Related articles