kmsKeyId
The Amazon Web Services KMS key identifier to use when restoring an encrypted DB cluster from an encrypted DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
You can restore to a new DB cluster and encrypt the new DB cluster with a KMS key that is different from the KMS key used to encrypt the source DB cluster. The new DB cluster is encrypted with the KMS key identified by the KmsKeyId
parameter.
If you don't specify a value for the KmsKeyId
parameter, then the following occurs:
If the DB cluster is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the source DB cluster.
If the DB cluster isn't encrypted, then the restored DB cluster isn't encrypted.
If DBClusterIdentifier
refers to a DB cluster that isn't encrypted, then the restore request is rejected.
Valid for: Aurora DB clusters and Multi-AZ DB clusters