rds/aws.sdk.kotlin.services.rds.model/CreateDbInstanceReadReplicaRequest/Builder/kmsKeyId

kmsKeyId

var kmsKeyId: String?

The Amazon Web Services KMS key identifier for an encrypted read replica.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

If you create an encrypted read replica in the same Amazon Web Services Region as the source DB instance or Multi-AZ DB cluster, don't specify a value for this parameter. A read replica in the same Amazon Web Services Region is always encrypted with the same KMS key as the source DB instance or cluster.

If you create an encrypted read replica in a different Amazon Web Services Region, then you must specify a KMS key identifier for the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.

You can't create an encrypted read replica from an unencrypted DB instance or Multi-AZ DB cluster.

This setting doesn't apply to RDS Custom, which uses the same KMS key as the primary replica.

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved. Generated by dokka