New Training: Create EC2 Encrypted Filesystem
In this 5-video skill, CBT Nuggets trainer Bart Castle teaches you how to create an encrypted file system within an existing EC2-attached EBS volume. Learn how to create a volume and a file system and how to mount them automatically on system startup. Watch this new AWS training.
This training includes:
23 minutes of training
You’ll learn these topics in this skill:
Automated Encrypted File System
Encrypted File System: Prereqs
Encrypted File System: Secret Password
Encrypted File System: User Data Script
Encrypted File System: Testing
How Does Amazon EBS Encryption Work?
Encrypted EBS volumes and snapshots are created using AWS Key Management Service (KMS) customer master keys (CMKs). This means that you don't have to create, maintain and secure your own key management infrastructure. EBS performs the encryption directly on the server that hosts your EC2 instances, and you can attach encrypted and unencrypted volumes to the same instance at the same time.
You can encrypt not just the data volumes of your EC2 instances, but also your boot volumes. You can encrypt the following types of data:
Any data that is at rest within the volume.
Any data that is moving between the instance and the volume.
Any snapshots that you create from the volume.
Any volumes that you create from your snapshots.
EBS encrypts data using the AES-256 algorithm. The data key is stored on the disk, but only after it has itself been encrypted with your CMK.
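Because encrypted and unencrypted volumes can be attached to the same instance, it is worth checking which volumes actually carry the encryption flag. The following is an added example, not part of the CBT Nuggets training: it reads data in the shape of aws ec2 describe-volumes output and reports instances that mix encrypted and unencrypted volumes, plus unattached unencrypted volumes. The sample volumes, instance IDs and key ARN are constructed placeholders, and the function names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-volumes` output.
# All IDs and the key ARN are made-up placeholders.
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1",
   "Attachments": [{"InstanceId": "i-0001", "Device": "/dev/xvda"}]},
  {"VolumeId": "vol-0bbb", "Encrypted": false,
   "Attachments": [{"InstanceId": "i-0001", "Device": "/dev/sdf"}]},
  {"VolumeId": "vol-0ccc", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1",
   "Attachments": [{"InstanceId": "i-0002", "Device": "/dev/xvda"}]},
  {"VolumeId": "vol-0ddd", "Encrypted": false, "Attachments": []}
]}
""")

def audit_volumes(doc):
    """Return (per-instance report, unattached unencrypted volume IDs)."""
    per_instance = defaultdict(
        lambda: {"encrypted": [], "unencrypted": [], "keys": set()})
    orphans = []
    for vol in doc.get("Volumes", []):
        # A missing flag is treated as unencrypted so it gets reported.
        encrypted = bool(vol.get("Encrypted", False))
        attachments = vol.get("Attachments") or []
        if not attachments and not encrypted:
            orphans.append(vol["VolumeId"])
        for att in attachments:
            entry = per_instance[att["InstanceId"]]
            bucket = "encrypted" if encrypted else "unencrypted"
            entry[bucket].append((vol["VolumeId"], att.get("Device")))
            if encrypted and vol.get("KmsKeyId"):
                entry["keys"].add(vol["KmsKeyId"])  # CMK protecting the data key
    return dict(per_instance), orphans

def mixed_instances(report):
    """Instances holding both encrypted and unencrypted volumes at once."""
    return sorted(i for i, e in report.items()
                  if e["encrypted"] and e["unencrypted"])

if __name__ == "__main__":
    report, orphans = audit_volumes(SAMPLE)
    for inst in mixed_instances(report):
        print(inst, "has unencrypted volumes:", report[inst]["unencrypted"])
    print("unattached unencrypted volumes:", orphans)
```

To run it against a real account, replace SAMPLE with the parsed JSON saved from aws ec2 describe-volumes.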