Issue
I need to find a method for encrypting the whole database and for encrypting specific columns' data in PostgreSQL. Currently I have a PostgreSQL database in an Amazon EC2 instance.
Is there a way to encrypt this database using AWS Key Management Service or something else?
Solution
You ask for two different use cases, and I'd separate them.
I need to find a method for encrypting whole database
As already answered, AWS can encrypt data at rest by default; data storage is encrypted under the hood (for RDS or EBS). AWS uses KMS to manage the encryption key for encrypting the underlying storage.
This encryption is transparent, so a client that has the correct database credentials has access to the data.
and encrypt specific columns data
This needs to be done at the application level. You have a few options here. The application can encrypt the data directly, or you can use the pgcrypto library to let the database encrypt the data.
The biggest problem in this case is where to store and how to manage the encryption key. The keys can be managed by KMS or AWS Secrets Manager.
With KMS you can create a data encryption key to encrypt the data itself, and use KMS to encrypt the "data encryption key". Actually, Secrets Manager does that for you.
Answered By - gusto2
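The envelope scheme from the answer, sketched as application-level column encryption. This is an added example, not part of the original answer: `LocalKms` is a constructed offline stand-in mimicking the `generate_data_key` and `decrypt` calls of a boto3 KMS client, the key alias, table, column and value are made up, and it requires the `cryptography` package.

```python
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class LocalKms:
    """Constructed stand-in for a boto3 KMS client (assumption: offline demo only)."""

    def __init__(self):
        # Plays the role of the KMS key, which never leaves the service.
        self._master = AESGCM(AESGCM.generate_key(bit_length=256))

    def generate_data_key(self, KeyId, KeySpec="AES_256"):
        plaintext = os.urandom(32)
        nonce = os.urandom(12)
        blob = nonce + self._master.encrypt(nonce, plaintext, None)
        return {"Plaintext": plaintext, "CiphertextBlob": blob}

    def decrypt(self, CiphertextBlob, KeyId=None):
        nonce, wrapped = CiphertextBlob[:12], CiphertextBlob[12:]
        return {"Plaintext": self._master.decrypt(nonce, wrapped, None)}


def encrypt_column(kms, key_id, plaintext, context):
    """Return what the row stores: the wrapped data key and nonce || ciphertext."""
    data_key = kms.generate_data_key(KeyId=key_id, KeySpec="AES_256")
    nonce = os.urandom(12)
    # `context` (table.column:row id) is authenticated, so a ciphertext copied
    # into another row or column fails to decrypt.
    sealed = AESGCM(data_key["Plaintext"]).encrypt(nonce, plaintext.encode(), context)
    return {"wrapped_key": data_key["CiphertextBlob"], "value": nonce + sealed}


def decrypt_column(kms, key_id, row, context):
    """Unwrap the data key through KMS, then decrypt and verify the value."""
    key = kms.decrypt(CiphertextBlob=row["wrapped_key"], KeyId=key_id)["Plaintext"]
    nonce, sealed = row["value"][:12], row["value"][12:]
    return AESGCM(key).decrypt(nonce, sealed, context).decode()


if __name__ == "__main__":
    kms = LocalKms()  # with AWS this would be boto3.client("kms")
    ctx = b"customers.ssn:42"  # constructed table, column and row id
    row = encrypt_column(kms, "alias/demo-key", "123-45-6789", ctx)  # constructed values
    print(len(row["wrapped_key"]), len(row["value"]))
    print(decrypt_column(kms, "alias/demo-key", row, ctx))
```

Both returned fields would be stored as `bytea` columns next to the row. Generating a data key per value costs one KMS call per write, so an application may instead reuse one wrapped data key per table or tenant.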