Enabling encryption on an RDS DB instance is a simple task: you pass a couple of additional switches to the New-RDSDBInstance cmdlet. Before you enable encryption on the DB instance, however, you need to have a key created in KMS, and to create the key you first need to write a policy document in JSON format.
I have created a sample policy document, as follows, which indicates that the role WorldPressAppRole can administer the key in my account. I saved the JSON document as D:\data\Policies\KMSPolicy.txt on my desktop.
{
  "Id": "key-consolepolicy-3",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws...
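
The whole procedure described above, as an added example that is not part of the original text: it checks the saved policy file, creates the KMS key from it, and creates the DB instance with the `-StorageEncrypted` and `-KmsKeyId` parameters of New-RDSDBInstance. The instance identifier, engine, instance class, storage size and master user name are hypothetical, and the AWS Tools for PowerShell module is assumed to be loaded with credentials and a region already configured.

```powershell
# Added example. All DB instance settings below are hypothetical placeholders.
$policyPath = 'D:\data\Policies\KMSPolicy.txt'   # path of the policy file saved above

# Parse the policy locally so a malformed document fails here, not inside KMS.
$policyJson = Get-Content -Path $policyPath -Raw
$policy     = $policyJson | ConvertFrom-Json

# Refuse a key policy that grants access to every principal.
foreach ($stmt in $policy.Statement) {
    $awsPrincipals = @($stmt.Principal.AWS)
    $isWildcard    = ($stmt.Principal -eq '*') -or ($awsPrincipals -contains '*')
    if ($stmt.Effect -eq 'Allow' -and $isWildcard) {
        throw "Statement '$($stmt.Sid)' allows a wildcard principal."
    }
}

# Create the key with the validated policy; the call returns the key metadata.
$key = New-KMSKey -Description 'RDS storage encryption key' -Policy $policyJson

# Prompt for the master password instead of hard-coding it in the script.
$secure = Read-Host -Prompt 'Master user password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# Encryption is chosen at creation time by these two parameters.
$db = New-RDSDBInstance -DBInstanceIdentifier 'example-encrypted-db' `
    -Engine 'mysql' `
    -DBInstanceClass 'db.t3.medium' `
    -AllocatedStorage 20 `
    -MasterUsername 'dbadmin' `
    -MasterUserPassword $plain `
    -StorageEncrypted $true `
    -KmsKeyId $key.Arn

# Confirm the instance was created encrypted and with the intended key.
if (-not $db.StorageEncrypted) {
    throw "Instance $($db.DBInstanceIdentifier) was created without storage encryption."
}
if ($db.KmsKeyId -ne $key.Arn) {
    throw "Instance is encrypted with an unexpected key: $($db.KmsKeyId)"
}
"Encrypted instance $($db.DBInstanceIdentifier) uses key $($db.KmsKeyId)"
```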