Skip to main content

Manage RDS AirGap backups with AWS Managed Keys

Updated over a month ago

Does Druva support RDS Airgap backups using AWS Managed Keys (AMK)?

RDS Airgap as well as orchestration of RDS backups are supported with AWS Managed Keys (AMK) only within the same AWS Region and Account. Backups directed to a different Account (for example, when Airgap backup is enabled), are likely to fail since cross-account backups using AMK is not supported.

Why does RDS Airgap backup fail with AMK even in the same region?

When Airgap backup is enabled, Druva manages the backups within a different AWS account. AWS does not support cross-account backups for RDS instances encrypted with AMK, even if the backups reside within the same region.

This is a limitation enforced by AWS. For more information, refer to AWS documentation.

What is the recommended solution for using RDS Airgap with encryption?

To enable RDS Airgap backups successfully we recommend using Customer Managed Keys (CMK), instead of AWS Managed Keys. CMK allows cross-account encryption support and is fully compatible with Druva's RDS Airgap functionality.

Did this answer your question?