Amazon Elastic Block Store (EBS) | Encryption Flashcards

1
Q

How can I find a list of Amazon public datasets stored in Amazon EBS Snapshots?

Encryption

Amazon Elastic Block Store (EBS) | Storage

A

You can use the AWS Management Console to find public datasets stored as Amazon Snapshots. Log in to the console, select the Amazon EC2 Service, select Snapshots, and then filter on Public Snapshots. All information on public datasets is available in our AWS Public Datasets resource center.

2
Q

What is Amazon EBS encryption?

A

Amazon EBS encryption offers seamless encryption of EBS data volumes, boot volumes and snapshots, eliminating the need to build and maintain a secure key management infrastructure. EBS encryption enables data at rest security by encrypting your data using Amazon-managed keys, or keys you create and manage using the AWS Key Management Service (KMS). The encryption occurs on the servers that host EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage. For more details, see Amazon EBS encryption in the Amazon EC2 User Guide.

3
Q

What is the AWS Key Management Service (KMS)?

A

AWS KMS is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. AWS Key Management Service is integrated with other AWS services including Amazon EBS, Amazon S3, and Amazon Redshift, to make it simple to encrypt your data with encryption keys that you manage. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs. To learn more about KMS, visit the AWS Key Management Service product page.

4
Q

Why should I use EBS encryption?

A

You can use Amazon EBS encryption to meet security and encryption compliance requirements for data at rest encryption in the cloud. Pairing encryption with existing IAM access control policies improves your company’s defense-in-depth strategy.

5
Q

How are my Amazon EBS encryption keys managed?

A

Amazon EBS encryption handles key management for you. Each newly created volume gets a unique 256-bit AES key; volumes created from the encrypted snapshots share the key. These keys are protected by our own key management infrastructure, which implements strong logical and physical security controls to prevent unauthorized access. Your data and associated keys are encrypted using the industry-standard AES-256 algorithm.

6
Q

Does EBS encryption support boot volumes?

A

Yes.

7
Q

Can I create an encrypted data volume at the time of instance launch?

A

Yes, using customer master keys (CMKs) that are either AWS-managed or customer-managed. You can specify the volume details and encryption through a RunInstances API call with the BlockDeviceMapping parameter or through the Launch Wizard in the EC2 Console.
