To create a cross-region read replica for your encrypted database instance, simply select the target region and an encryption key for that region. You can use your own encryption key or the default encryption key for Amazon RDS that is created by AWS KMS in each region. Amazon RDS takes a snapshot of the source instance and creates a read-only instance from the snapshot in the target region. Amazon RDS uses the engines' native asynchronous replication to update the read replica whenever there is a change to the source DB instance.

This new feature supports a variety of use cases, ranging from lower read latencies for geographically distributed applications to disaster recovery solutions with very low downtimes. Amazon RDS allow you to promote a read replica to source status and then redirect database traffic to the new source.



You can create read replicas of database instances between all commercial AWS regions. This feature is supported in MySQL version 5.5 and higher, MariaDB version 10.0 and higher, and PostgreSQL version 9.3.5 and higher.

For more details on creating a cross-region read replica of an encrypted DB instance, please refer to the Amazon RDS User Guide.