lacework-global-91

Encrypt Redshift Clusters

Description

Best practices recommend encrypting an AWS Redshift cluster with a customer-managed Key Management Service (KMS) key.

Remediation

Encrypt an AWS Redshift cluster during creation.

  1. Log in to the AWS Management Console.

  2. If encrypting using a KMS key and the KMS key does not exist, create the KMS key.

  3. Click Services.

  4. Click Key Management Service.

  5. Click Create a key.

  6. Expand Advanced options.

  7. Select the KMS option.

  8. Fill in applicable KMS fields.

  9. Click Finish.

  10. Click Services.

  11. Click Amazon Redshift.

  12. Click Create cluster.

  13. Toggle Use defaults under Additional configurations to change the default settings.

  14. Expand Database configurations.

  15. Under Encryption, select Use AWS Key Management Service (AWS KMS).

  16. Select Use key from current account, and select a customer-managed KMS key, or select Use key from different account, and enter a customer-managed KMS key Amazon Resource Name (ARN).

  17. Fill in applicable Redshift cluster fields.

  18. Click Create cluster.
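
To confirm the result across an account, the following added example (not Lacework's own policy logic) evaluates cluster records against this rule. It assumes the `Encrypted` and `KmsKeyId` fields from `aws redshift describe-clusters` and the `KeyMetadata.KeyManager` value from `aws kms describe-key`; the function names, cluster names and key ARNs are constructed for illustration.

```python
# Constructed sample shaped like `aws redshift describe-clusters` output.
SAMPLE_CLUSTERS = {"Clusters": [
    {"ClusterIdentifier": "analytics-prod", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-CUSTOMER-KEY"},
    {"ClusterIdentifier": "reporting", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-AWS-MANAGED-KEY"},
    {"ClusterIdentifier": "shared-dw", "Encrypted": True,  # key from a different account
     "KmsKeyId": "arn:aws:kms:us-east-1:444455556666:key/EXAMPLE-OTHER-ACCOUNT-KEY"},
    {"ClusterIdentifier": "legacy", "Encrypted": True},    # encrypted, no KmsKeyId in record
    {"ClusterIdentifier": "scratch", "Encrypted": False},
]}

# Constructed lookup: key ARN -> KeyMetadata.KeyManager ("CUSTOMER" or "AWS"),
# as returned by `aws kms describe-key` for keys the auditor is allowed to read.
SAMPLE_KEY_MANAGERS = {
    "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-CUSTOMER-KEY": "CUSTOMER",
    "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-AWS-MANAGED-KEY": "AWS",
}


def evaluate_cluster(cluster, key_managers):
    """Return (status, reason) for one cluster record."""
    if not cluster.get("Encrypted", False):
        return "FAIL", "cluster is not encrypted"
    key_id = cluster.get("KmsKeyId")
    if not key_id:
        return "FAIL", "encrypted, but no KMS key is associated"
    manager = key_managers.get(key_id)
    if manager is None:
        # Typical for a key in a different account: describe-key needs access there.
        return "UNKNOWN", "key manager not resolved; check the key in its owning account"
    if manager != "CUSTOMER":
        return "FAIL", "encrypted with an AWS managed key, not a customer-managed key"
    return "PASS", "encrypted with a customer-managed KMS key"


def audit(clusters_response, key_managers):
    """Map each cluster identifier to its (status, reason)."""
    return {c["ClusterIdentifier"]: evaluate_cluster(c, key_managers)
            for c in clusters_response.get("Clusters", [])}


if __name__ == "__main__":
    for name, (status, reason) in audit(SAMPLE_CLUSTERS, SAMPLE_KEY_MANAGERS).items():
        print(f"{status:8}{name}: {reason}")
```

An `UNKNOWN` result is left for manual review rather than treated as a pass, since a key ARN from another account cannot be classified without access to that account's key metadata.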