Encryption options for EBS

0

Hi, IHAC that is looking for the encryption options for EBS volumes and wants to correlate with the options they used on other cloud platform as: There are 3 options e when encrypting the disks of a virtual machine: SSE, ADE, Host encryption.

  • In SSE, it encrypts the disk at the storage level by managing the key itself or with my key, providing security against physical disk theft.
  • In ADE, it encrypts the disk at the OS level by using bitlocker or dm encryption, if someone enters the portal and exports the disk, they cannot open it because it is encrypted.
  • In Host, it also encrypts the temp disks that ADE cannot do.

Is there encrypting done by default in AWS for the disks of a virtual machine? Which of the above does the disk encryption option it asks for are covered in the virtual machine setup steps ?

Thanks

1 Answer
3
Accepted Answer

Hello ,

As You mention Traditional Encryption Models like :

  • SSE (Storage Service Encryption):
  • ADE (Application or OS-level Encryption):
  • Host Encryption:

AWS EBS Encryption

Is there encrypting done by default in AWS for the disks of a virtual machine?

  • No, there is no default encryption for EBS volumes in AWS. You must explicitly enable encryption when creating a new volume.

Which of the above does the disk encryption option it asks for are covered in the virtual machine setup steps ?

  • In the context of AWS, the disk encryption option covered in virtual machine setup steps is equivalent to the SSE (Storage Service Encryption) model.

This means you'll typically find options to enable or disable encryption when creating an EBS volume and specifying the KMS key to use for encryption.  

AWS EBS encryption aligns most closely with the SSE model you described in traditional encryption methods.

https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html

profile picture
EXPERT
answered a month ago
profile picture
EXPERT
reviewed a month ago
profile picture
EXPERT
Sandeep
reviewed a month ago
profile picture
EXPERT
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions