Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

🚀 25% OFF All Practice Exams, Video Courses, & eBooks – Cyber Week Blowout Deals!

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Developer Associate RDS Encryption versus Transparent Data Encryption (TDE) for SQL Server Reply To: RDS Encryption versus Transparent Data Encryption (TDE) for SQL Server

  • kung

    Member
    May 7, 2020 at 4:33 pm

    Hello Jon,

    Thanks for the exhaustive reply.

    They key sentence in your reply to me is

    “RDS Encryption is using KMS to manage the encryption keys. The data must be written to storage first before RDS can do start the encryption. Hence, it encrypts the data AFTER it is written to storage, which is the exact opposite of what TDE is doing.”

    As this is answering my question “Does this mean the data is first written unencrypted to storage, and then at a later time only encrypted while it is already on the storage (and this all transparently of course)?”

    Apparently it is, although I could very well image that it would be a kind of streaming (in-memory) operation: the API call to write/put data to the database, which would then be streamed to an encryption API call, after which it would be written to storage.

    Do you have any AWS documentation links about these technical details?
    Would be interesting. I couldn’t find anything (yet).

    Thanks,
    Robert

Skip to content