EBS snapshots and S3 encryption

0

I know that EBS snapshots are stored in S3 in a hidden location not accessible by the customer.

My question was how the snaps are stored within this hidden section of S3. Is it a single bucket per account holding all of the snaps or just some secret mechanism not based on what customers normally see when managing a bucket in the console or API?

Though my main question, coming from my security officer, was if the snaps in S3 are stored in an encrypted bucket or just encrypted at rest in general. Or if that's left up to the customer to encrypt their EBS volumes themselves so the snaps will be encrypted as well when they get to the S3 location.

Thanks for any answers.

asked 4 years ago · 361 views
2 answers
0

Hi James
If you refer to this information, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html, you will see that snapshots of unencrypted EBS volumes are not encrypted. So for snapshot encryption it really is about encryption of the EBS volumes first, and then they get encrypted once you snapshot. It will use the same KMS keys and mechanism that was used at the EC2/EBS level. I hope this answers your security team's question.
My advice is always encrypt the EBS volumes.
Augusto

kiniama
answered 4 years ago
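
Added example, not part of the answer above and not AWS code: a small audit over the JSON that `aws ec2 describe-volumes` and `aws ec2 describe-snapshots --owner-ids self` print, flagging unencrypted volumes and snapshots and any snapshot whose KMS key differs from its source volume's. The volume IDs, snapshot IDs and key ARNs are constructed sample values, and the function name and finding strings are this example's own.

```python
import json
import sys

KEY_A = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-A"  # constructed
KEY_B = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-B"  # constructed

# Constructed sample input, shaped like the CLI's JSON output.
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId": KEY_A},
    {"VolumeId": "vol-0bbb", "Encrypted": False},
]}
SAMPLE_SNAPSHOTS = {"Snapshots": [
    {"SnapshotId": "snap-0001", "VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId": KEY_A},
    {"SnapshotId": "snap-0002", "VolumeId": "vol-0bbb", "Encrypted": False},
    {"SnapshotId": "snap-0003", "VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId": KEY_B},
    {"SnapshotId": "snap-0004", "VolumeId": "vol-0ccc", "Encrypted": True, "KmsKeyId": KEY_A},
]}

def audit_ebs_encryption(volumes_doc, snapshots_doc):
    """Return a sorted list of (resource_id, finding) tuples."""
    volumes = {v["VolumeId"]: v for v in volumes_doc.get("Volumes", [])}
    findings = [(vid, "volume is not encrypted")
                for vid, v in volumes.items() if not v.get("Encrypted", False)]
    for snap in snapshots_doc.get("Snapshots", []):
        sid = snap["SnapshotId"]
        src = volumes.get(snap.get("VolumeId"))
        if not snap.get("Encrypted", False):
            findings.append((sid, "snapshot is not encrypted"))
        elif src is None:
            # Source volume was deleted or is out of scope: informational only.
            findings.append((sid, "source volume not found, key not compared"))
        elif snap.get("KmsKeyId") != src.get("KmsKeyId"):
            # Can be legitimate (e.g. a re-encrypted copy), but worth a review.
            findings.append((sid, "snapshot key differs from source volume key"))
    return sorted(findings)

def load(path):
    with open(path) as fh:
        return json.load(fh)

if __name__ == "__main__":
    # Usage: script.py volumes.json snapshots.json (no arguments: sample data)
    if len(sys.argv) == 3:
        vols, snaps = load(sys.argv[1]), load(sys.argv[2])
    else:
        vols, snaps = SAMPLE_VOLUMES, SAMPLE_SNAPSHOTS
    for rid, finding in audit_ebs_encryption(vols, snaps):
        print(f"{rid}: {finding}")
```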
0

Thanks!

answered 4 years ago
