Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

EBS snapshots and S3 encryption

0

I know that EBS snapshots are stored in S3 in a hidden location not accessible by the customer.

My question was how the snaps are stored within this hidden section of S3. Is it a single bucket per account holding all of the snaps or just some secret mechanism not based on what customers normally see when managing a bucket in the console or api

Though my main question, coming from my security officer, was if the snaps in S3 are stored in an encrypted bucket or just encrypted at rest in general. Or if that's left up to the customer to encrypt their EBS volumes themselves so the snaps will be encrypted as well when they get to the S3 location.

Thanks for any answers.

Argomenti
Computazionali
Tag
Amazon EC2
Lingua
English
jamesmay
posta 4 anni fa361 visualizzazioni
2 Risposte
0

Hi James
If you refer to this information, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html, you will see that snapshots of un-encrypted EBS volumes are not encrypted. So for snaphots encryption it really is about encryption of the EBS volumes first, and then they get encrypted once you snapshots. It will use the same KMS keys and mechanism it was used at EC2 level/EBS. I hope this answers your security team question.
My advice is always encrypt the EBS volumes.
Augusto

kiniama
con risposta 4 anni fa
0

Thanks!

jamesmay
con risposta 4 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente