Back up and restore transparent data encrypted databases across accounts in Amazon RDS for SQL Server

Database Blog

This article provides a step-by-step guide for backing up and restoring Transparent Data Encrypted (TDE) databases from Amazon RDS for SQL Server across different AWS accounts.

Specifically, the article covers:

Prerequisites for the solution
Solution overview and architecture diagram
Backing up the TDE certificate and database from the source account to an S3 bucket
Extracting the ciphertext-blob from the S3 metadata and sharing the KMS key
Decrypting the ciphertext in the target account and creating a new KMS key
Restoring the TDE certificate and database in the target account
Clean up steps to remove the resources created

The article concludes by highlighting the importance of TDE for data security and providing a solution for migrating TDE-enabled databases across AWS accounts.

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Jun 10
2025

Cross-account migration of Amazon RDS for SQL Server with column-level encryption

Jul 30
2024

Implementing a fall forward strategy from Amazon RDS for SQL Server Transparent Data Encryption (TDE) and Non-TDE Enabled databases to self-managed SQL Server

Oct 22
2025

Amazon RDS for SQL Server enables encrypting native backups using server-side encryption with AWS KMS keys (SSE-KMS)

May 15
2024

Encrypt your database connection using SSL encryption to Amazon RDS Custom for SQL Server

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Back up and restore transparent data encrypted databases across accounts in Amazon RDS for SQL Server

Related articles