If you refer to this information, https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html, you will see that snapshots of un-encrypted EBS volumes are not encrypted. So for snaphots encryption it really is about encryption of the EBS volumes first, and then they get encrypted once you snapshots. It will use the same KMS keys and mechanism it was used at EC2 level/EBS. I hope this answers your security team question.
My advice is always encrypt the EBS volumes.
- Accepted Answerasked 3 years ago
- How can I copy my Amazon EBS snapshot data to Amazon S3 and create EBS volumes for custom data in S3?AWS OFFICIALUpdated 3 months ago
- Why aren't my retention policies deleting Amazon EBS snapshots that are created by Amazon Data Lifecycle Manager?AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated 10 months ago
- How can I encrypt an existing unencrypted EBS volume, or change the encryption key that my volume uses?AWS OFFICIALUpdated 10 months ago
- EXPERTpublished a year ago
- EXPERTpublished 3 months ago