What is the FASTEST way to secure the data through encryption at rest in the DB cluster?
Take a manual snapshot of the unencrypted DB cluster. Create an encrypted copy of that snapshot in the same AWS Region as the unencrypted snapshot. Restore a DB cluster from the encrypted snapshot.
Create an AWS Key Management Service (AWS KMS) key in the same AWS Region and create a new encrypted Aurora cluster using this key.
Take a manual snapshot of the unencrypted DB cluster. Restore the unencrypted snapshot to a new encrypted Aurora PostgreSQL DB cluster.
Create a new encrypted Aurora PostgreSQL DB cluster. Use AWS Database Migration Service (AWS DMS) to migrate the data from the unencrypted DB cluster to the encrypted DB cluster.
Explanations:
Taking a manual snapshot and creating an encrypted copy is a valid method, but it is not the fastest way. The process involves multiple steps: creating a snapshot, copying it, and then restoring it, which can take longer than other options.
Creating a new encrypted cluster with a KMS key doesn’t automatically encrypt the data of the existing unencrypted cluster. It would require a migration or snapshot process, making this less direct and faster than other methods.
The fastest and simplest way to encrypt the existing DB cluster is to take a manual snapshot of the unencrypted DB cluster and restore it to a new encrypted DB cluster. This directly creates an encrypted copy without extra steps.
While AWS DMS can migrate data between clusters, this method introduces complexity and is slower than directly restoring from an encrypted snapshot. It requires additional setup and overhead, making it less efficient for the task at hand.
I conclude that the answer is:
Take a manual snapshot of the unencrypted DB cluster. Restore the unencrypted snapshot to a new encrypted Aurora PostgreSQL DB cluster.