Amazon_RDS_1

Ensure Databases running on RDS have encryption at rest enabled

Description

Amazon RDS instances and snapshots can be encrypted at rest by enabling the encryption option on the Amazon RDS DB instance. Data that is encrypted at rest includes the underlying storage for a DB instance, its automated backups, read replicas, and snapshots. It is recommended that encryption at rest be enabled.

Remediation

From Console:
1. Sign in to the AWS Management Console and open the Amazon RDS console at https://console.aws.amazon.com/rds/.
2. In the upper-right corner of the Amazon RDS console, choose the AWS Region in which you want to create the DB instance.
3. In the navigation pane, choose Databases.
4. Choose Create database.
5. In Choose a database creation method, select Standard Create.
6. Set the other options as per your requirement.
7. In the Advanced Configuration section, make sure that the Enable encryption option is selected.
8. Choose Create database.

To encrypt an existing unencrypted database, follow these steps:
1. Encrypt an unencrypted snapshot that you take from an unencrypted read replica of the DB instance.
2. Restore a new DB instance from the encrypted snapshot to deploy a new encrypted DB instance.

From TF:
Add the storage_encrypted argument to the aws_db_instance resource in your Terraform file to create an encrypted database instance:
resource "aws_db_instance" "db_instance_example" {
  # other required arguments (engine, instance_class, allocated_storage, ...) as per your requirement

  storage_encrypted = true

}

From Command Line:
To create an encrypted database, run:
aws rds create-db-instance --engine ENGINE --db-instance-identifier DB_IDENTIFIER --allocated-storage SIZE --db-instance-class DB_INSTANCE_CLASS --vpc-security-group-ids SECURITY_GROUP_ID --db-subnet-group-name SUBNET_GROUP --master-username USER --master-user-password PWD --backup-retention-period DAYS --storage-encrypted
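To find instances that violate this policy before remediating, the following added example (not part of this policy page or of the AWS CLI) parses the JSON output of `aws rds describe-db-instances` and reports every DB instance whose StorageEncrypted flag is not true, noting when the instance is a read replica so that the fix starts at its source. The sample output, instance names and KMS key ARN are constructed for illustration; run with `--live` to query the current account and region through the AWS CLI instead.

```python
"""Audit Amazon RDS instances for encryption at rest (policy Amazon_RDS_1)."""
import json
import subprocess
import sys

# Constructed sample of `aws rds describe-db-instances --output json`, trimmed
# to the fields this check reads. Not captured from a real account.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "DBInstances": [
        {"DBInstanceIdentifier": "orders-prod", "Engine": "postgres",
         "StorageEncrypted": True,
         "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        {"DBInstanceIdentifier": "legacy-mysql", "Engine": "mysql",
         "StorageEncrypted": False},
        {"DBInstanceIdentifier": "reports-replica", "Engine": "mysql",
         "StorageEncrypted": False,
         "ReadReplicaSourceDBInstanceIdentifier": "legacy-mysql"},
    ]
})


def find_unencrypted(describe_json: str) -> list[dict]:
    """Return one finding per DB instance whose StorageEncrypted flag is not true."""
    findings = []
    for db in json.loads(describe_json).get("DBInstances", []):
        if db.get("StorageEncrypted") is True:
            continue
        findings.append({
            "id": db["DBInstanceIdentifier"],
            "engine": db.get("Engine", "unknown"),
            # A read replica inherits the encryption state of its source, so
            # remediation must start at the source (snapshot, encrypt, restore).
            "source": db.get("ReadReplicaSourceDBInstanceIdentifier"),
        })
    return findings


def main(argv: list[str]) -> int:
    """Print findings and return 1 if any instance is unencrypted, else 0."""
    if "--live" in argv:
        output = subprocess.run(["aws", "rds", "describe-db-instances", "--output", "json"],
                                check=True, capture_output=True, text=True).stdout
    else:
        output = SAMPLE_DESCRIBE_OUTPUT
    findings = find_unencrypted(output)
    for f in findings:
        note = f" (read replica of {f['source']})" if f["source"] else ""
        print(f"FAIL Amazon_RDS_1: {f['id']} [{f['engine']}] is not encrypted at rest{note}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The non-zero exit status makes the check usable as a gate in a scheduled job or pipeline; run it once per Region, since describe-db-instances is Region-scoped.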

References:
1. https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
2. https://aws.amazon.com/premiumsupport/knowledge-center/rds-encrypt-instance-mysql-mariadb/
3. https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/encrypt-an-existing-amazon-rds-for-postgresql-db-instance.html
4. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#storage_encrypted

Service

RDS

Severity

High

Compliance

Mapping
