Q
Get started Bring yourself up to speed with our introductory content.

How can Amazon EBS encryption help secure our data?

We want to lock down data moving between EC2 instances and EBS volumes. What security and encryption options are available in Amazon Elastic Block Store?

Amazon Elastic Block Store uses a two-fold approach to protect data. Amazon EBS encryption and AWS Identity and...

Access Management protect data as it moves between EC2 instances and volumes.

Administrators use AWS Identity and Access Management (IAM) to control which users or groups can -- and can't -- access services such as Elastic Block Store (EBS) volumes. IAM can also set access conditions, such as SSL links, originating IP addresses, times of day and the use of multifactor authentication devices to allow access to EBS resources.

Administrators can create encrypted EBS volumes that encrypt data at rest within the volume, data moving between the volume and an Elastic Compute Cloud (EC2) instance and all EBS snapshots -- usually replicated to Amazon Simple Storage Service -- created from the encrypted EBS volume. All four types of volumes support Amazon EBS encryption. The actual encryption and decryption is performed transparently on EC2 servers to secure in-flight data; this doesn't significantly affect latency. AWS Key Management Service can create the 256-bit customer master key, or the admin can opt to use her own custom key for an added measure of protection.

Many -- but not all -- EC2 instance types support Amazon EBS encryption, and an admin cannot change encryption after creating a volume. That is, an unencrypted volume cannot later be encrypted, and an encrypted volume cannot later be unencrypted. If an admin does need to change Amazon EBS encryption status, she can migrate one volume to another with the desired encryption set for the destination volume.

Next Steps

Boost application, EBS performance

Back up cloud workloads with EBS snapshots

Save an EBS snapshot to Amazon S3

This was last published in June 2016

Dig Deeper on AWS security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How do you manage Amazon EBS access and security?
Cancel

-ADS BY GOOGLE

SearchCloudApplications

TheServerSide.com

SearchSoftwareQuality

SearchCloudComputing

Close