I have a RDS instance and I am trying to choose a greater algorithm for encryption but it only lets me choose symmetric keys. I created a new asymmetric KMS key from "Customer managed keys" and choose "RSA_2048_KMS" as the key spec.
Here is the key:
But when I try to create a new RDS instance - the list in encryption in the image below doesn't contain the new key. but when I create a symmetric key, I do see it. How can I choose an asymmetric key?
Thanks!
You cannot use asymmetric cryptography for encrypting data stored on S3, RDS, EBS, EFS, etc. The cryptography supported for those - including RDS is symmetric, AES 256 bit encryption.
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
You cannot change the encryption setting of an RDS database once its created. Hope that was useful.