Since summer 2017, Amazon RDS supports encryption at rest using AWS Key Management Service (KMS) for db.t2.small and db.t2.medium database instances, making the feature now available to virtually every instance class and type.
Unless you are running Previous Generation DB Instances or you can only afford to run a db.t2.micro, every other instance class now supports native encryption at rest using KMS. As for the Amazon documentation:
Encryption on smaller T2 database instances is useful for development and test use cases, where you want the environment to have identical security …
[Read more]