Choose the right type of AWS KMS key to encrypt Amazon RDS and Aurora Global Database
Database Blog
This article explains the important differences and considerations when deciding on using either single-Region or multi-Region AWS Key Management Service (KMS) keys for Amazon RDS and Aurora Global Database deployments.
Specifically, the article covers:
- Overview of AWS KMS and its benefits for data encryption and key management
- Types of KMS keys: customer managed keys, AWS managed keys, and AWS owned keys
- Differences between multi-Region and single-Region customer managed keys
- How AWS services treat multi-Region keys and their usage for client-side encryption
- Key management, pricing, and quotas for multi-Region and single-Region keys
- Considerations for using AWS managed keys for Amazon RDS and Aurora
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
Apr 13
2026
2026
Options for changing AWS KMS encryption key for Amazon RDS databases
May 15
2024
2024
Encrypt your database connection using SSL encryption to Amazon RDS Custom for SQL Server
Oct 22
2025
2025
Amazon RDS for SQL Server enables encrypting native backups using server-side encryption with AWS KMS keys (SSE-KMS)
Jun 23
2025
2025
Things to consider when choosing between Oracle TDE and AWS KMS for encryption of data at rest for Amazon RDS for Oracle
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.