Are i3 NVMe SSD drives encrypted by default?

Question

I have a customer exploring the i3 and encryption at rest is a requirement.  Are i3 NVMe SSD drives encrypted by default or will customers need to implement their own encryption?

Accepted Answer

The public documentation has been updated for EC2 [Linux](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ssd-instance-store.html) and [Windows](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ssd-instance-store.html):

The data on NVMe instance storage is encrypted using an XTS-AES-256 block cipher implemented in a hardware module on the instance. The encryption keys are generated using the hardware module and are unique to each NVMe instance storage device. All encryption keys are destroyed when the instance is stopped or terminated and cannot be recovered. You cannot disable this encryption and you cannot provide your own encryption key.

Are i3 NVMe SSD drives encrypted by default?

相关内容