Encryption by default (Storage Gateway - Volume)

Question

Hello,  
  
I was reading the docs again and noticed it says the data stored on the Storage Gateway (Volume) is encrypted by default.  
  
Did AWS just recently have this feature added/turned on?  I remember a while back there was a checkbox for encryption.  
  
If that is the case, if any volume created before the encryption was added, does it get automatically encrypted too?  
  
Thanks,  
TT  
  
Edited by: trackstar2000 on Mar 5, 2020 2:22 PM

Answer

Hi,  
  
Great question, Storage Gateway has always supported encryption by default using S3   
  
"By default, all data stored in S3 is encrypted server-side with Amazon S3-Managed Encryption Keys (SSE-S3)", from the FAQ https://aws.amazon.com/storagegateway/faqs/

The new change you've noticed is that we now support customer managed keys with KMS see: https://docs.aws.amazon.com/storagegateway/latest/userguide/encryption.html for more information on how to set that up  
  
Thanks  
  
Edited by: ianoataws on Mar 6, 2020 10:59 AM  
 added FAQ link

Answer

Thanks.  I was looking at the snapshots and noticed the column that reads "Not Encrypted" under Encryption.

Answer

That's some great feedback, I'll pass that along to see if there's clarifications we can give here to not confuse others.   
  
Just in case anyone else is reading: Yes, all volumes are encrypted by default, the "Not Encrypted" refers to whether or not this is encrypted with a customer managed KMS key as opposed to Amazon S3-Managed Encryption Keys (SSE-S3)

Answer

Answered question

Encryption by default (Storage Gateway - Volume)

Relevant content