Data encryption at rest - doubts

0

Hello.

I want to enable data encryption at rest for EC2, EFS and S3, but I have some doubts, and I hope your experiences can help me with that.

  1. Encryption at rest for EC2, I understand, is performed through EBS encryption. So, is it at the host, volume, or file level?
  2. With EBS encryption, if I am within the EC2 instance, could I copy files to another EC2 instance transparently, or will the files be encrypted and not readable?
  3. With EBS encryption, if I create a shared folder via NFS or SMB, could users from other EC2 instances read and copy files in the shared folder to/from the EC2 instance, or will the files be encrypted and not readable?
  4. How does EFS encryption work? How can users access the files?
  5. How does S3 encryption work? Does it encrypt at the object/file or bucket level? How can users access the files with client-side and server-side encryption?

Thank you

2 Answers
1

Hi,

**1. Encryption at rest for EC2:** With EBS encryption, the encryption is performed at the volume level. Each volume is encrypted using a unique key, and data is encrypted before it is written to the disk and decrypted after it is read from the disk.

**2. Copying files between EC2 instances:** If you're within the EC2 instance, you can copy files to another EC2 instance transparently as long as both instances have access to the encrypted EBS volume. The files will remain encrypted at rest on the destination volume, but they will be decrypted when accessed from that volume.

**3. Shared folders with EBS encryption:** If you create a shared folder using NFS or SMB, users from other EC2 instances can read and copy files to/from the shared folder as long as they have the necessary permissions. The files will be decrypted when accessed from the EBS volume.

**4. EFS encryption:** Encryption for EFS is performed at the file level. Each file is encrypted with a unique data encryption key, and the data encryption keys are encrypted with a master key. Users can access encrypted files through standard file system interfaces, and decryption is handled transparently by the EFS service.

**5. S3 encryption:** S3 supports both client-side and server-side encryption. Server-side encryption can be done at the object (file) level or the bucket level. With client-side encryption, the data is encrypted before being uploaded to S3, and the decryption is handled by the client when the data is retrieved. With server-side encryption, S3 manages the encryption and decryption process using either S3-managed keys (SSE-S3), customer-provided keys (SSE-C), or AWS Key Management Service (SSE-KMS).

answered 9 days ago
0

Hello.

  1. When you say "you can copy files to another EC2 instance transparently as long as both instances have access to the encrypted EBS volume", what do you mean? If I start an SSH/RDP session (OS level) on an EC2 instance with EBS encryption, and from there I copy files via SCP/SMB (shared folder) to another running EC2 instance without encryption, is that possible? Or will the files from the EC2 instance with EBS encryption not be readable on the other EC2 instance?

  2. When you say "users from other EC2 instances can read and copy files to/from the shared folder as long as they have the necessary permissions", what do you mean? What kind of permissions? At the OS level? User/password and NTFS permissions for Windows, or user/password/SSH keys for Linux?

  3. If I create a shared folder on my EC2 instance with EBS encryption, could a remote user with OS-level permissions on that instance access the shared folder and copy files to another EC2 instance, and would they be readable?

  4. If I have a DB on an EC2 instance with EBS encryption, could my applications connected to the DB read data without issues?

I want to know what kind of benefits or protection EBS encryption, or data encryption at rest, offers. Does it help against information leaks, ransomware, or what exactly?

Thank you.

Orlando
answered 9 days ago
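Orlando's follow-up questions 1 to 4, and points 1 to 3 of the first answer, all come down to where in the stack the encryption happens. The following Python script is an added illustration, not code from the question, the answer, or AWS: it models an EBS-style volume with its own per-volume key, using a SHA-256 keystream as a stand-in for the real cipher (EBS uses AES-256; the toy cipher here is only a placeholder and is not a usable disk cipher). The `EncryptedVolume`, `PlainVolume`, `store_file`, `load_file` and `copy_between_instances` names, and the sample record in `PLAINTEXT`, are all constructed for the example. It shows that an instance with the volume attached reads plaintext, so copies over SCP/SMB and database reads work normally, while a raw image of the blocks without the key is unreadable.

```python
"""Toy model of volume-level (EBS-style) encryption at rest.

Added illustration, not AWS or re:Post code. A 'disk' is a bytearray; every
sector is encrypted on write and decrypted on read with a per-volume key.
The SHA-256 keystream below is a stand-in for the real AES-256 cipher and
must not be used as an actual disk cipher.
"""
import hashlib
import os

SECTOR = 512                                    # size of one simulated sector
# Constructed sample content that an application on the instance stores.
PLAINTEXT = b"customer record: name=Orlando card=****1234\n"


def _keystream(key, sector_no, length):
    # Deterministic per-(key, sector) keystream; placeholder for AES-XTS.
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + sector_no.to_bytes(8, "big")
                              + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class EncryptedVolume:
    """Block device that encrypts below the filesystem, invisible to the OS."""

    def __init__(self, sectors, key=None):
        self.key = key if key is not None else os.urandom(32)  # unique per volume
        self.disk = bytearray(sectors * SECTOR)                # the bytes 'at rest'

    def write(self, sector_no, data):
        assert len(data) == SECTOR
        start = sector_no * SECTOR
        self.disk[start:start + SECTOR] = _xor(data, _keystream(self.key, sector_no, SECTOR))

    def read(self, sector_no):
        start = sector_no * SECTOR
        raw = bytes(self.disk[start:start + SECTOR])
        return _xor(raw, _keystream(self.key, sector_no, SECTOR))

    def raw_at_rest(self, sector_no):
        # What a snapshot or a pulled physical disk contains, without the key.
        start = sector_no * SECTOR
        return bytes(self.disk[start:start + SECTOR])


class PlainVolume(EncryptedVolume):
    """Unencrypted volume: sectors are stored exactly as written."""

    def write(self, sector_no, data):
        start = sector_no * SECTOR
        self.disk[start:start + SECTOR] = data

    def read(self, sector_no):
        return self.raw_at_rest(sector_no)


# --- the 'operating system' layer: files on top of sectors -----------------
def store_file(vol, sector_no, content):
    vol.write(sector_no, content.ljust(SECTOR, b"\0"))


def load_file(vol, sector_no):
    return vol.read(sector_no).rstrip(b"\0")


def copy_between_instances(src, dst, sector_no):
    """Instance A reads through its filesystem (already decrypted) and sends
    the bytes over SCP/SMB/NFS to instance B, which writes them to its own
    volume (encrypted or not). Returns what B reads back."""
    data = load_file(src, sector_no)          # plaintext in A's memory
    store_file(dst, sector_no, data)
    return load_file(dst, sector_no)


def read_raw_image_without_key(vol, sector_no):
    """Someone holds a full raw image of the disk but not the volume key."""
    stolen = EncryptedVolume(len(vol.disk) // SECTOR)   # fresh, different key
    stolen.disk = bytearray(vol.disk)
    return stolen.read(sector_no)


def demo():
    a = EncryptedVolume(8)           # instance A: EBS encryption enabled
    b = PlainVolume(8)               # instance B: no encryption
    store_file(a, 0, PLAINTEXT)
    return {
        "app_on_a_reads_plaintext": load_file(a, 0) == PLAINTEXT,
        "copy_to_b_is_readable": copy_between_instances(a, b, 0) == PLAINTEXT,
        "b_stores_plaintext_at_rest": PLAINTEXT in b.raw_at_rest(0),
        "a_stores_ciphertext_at_rest": PLAINTEXT not in a.raw_at_rest(0),
        "raw_image_without_key_unreadable":
            read_raw_image_without_key(a, 0) != PLAINTEXT.ljust(SECTOR, b"\0"),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

What the model says about the threat model: volume-level encryption at rest protects the data when the storage medium, a snapshot or a raw image is separated from the key (in AWS the key is held by KMS and a snapshot of an encrypted volume stays encrypted under it). Anything that reads through the running instance, whether a logged-in user, the application, the database engine or a malicious process running as that user, receives plaintext exactly as the application does, so on its own it is not a control against an authenticated insider or ransomware on the instance; those cases need OS-level access control, IAM and KMS key policies, and tested backups.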
