Volume encryption for AWS
You can encrypt disks in AWS using the following methods:

- Default encryption, using Platform Managed Key (PMK).
- Customer Managed Encryption Key (CMEK), using AWS KMS.

For more information on AWS encryption, see: Amazon EBS encryption.
Table: Encryption for creating snapshots
| Disk encryption | Snapshot encryption |
|---|---|
| Platform Managed Key (PMK) | Uses the same PMK as the source disk. |
| CMEK | Uses the same CMEK as the source disk. |
Table: Encryption for restoring snapshots
| Snapshot encryption | Restored disk encryption |
|---|---|
| PMK | Uses the same PMK as the snapshot. |
| CMEK | Uses the same CMEK as the snapshot. |
Table: Encryption for restoring from backup
| Snapshot encryption | Restored disk encryption |
|---|---|
| PMK | Uses the same PMK as the source disk. |
| CMK | Uses the same CMK as the source disk; otherwise, PMK is used. |
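
One way to verify the key inheritance described in the snapshot creation and snapshot restore tables above. This is an added example, not code from the product documentation. It assumes input in the shape returned by `aws ec2 describe-volumes` and `aws ec2 describe-snapshots`; the function names, key ARNs and resource IDs are constructed for illustration.

```python
# Added example: constructed data shaped like `aws ec2 describe-volumes` and
# `aws ec2 describe-snapshots` output. Account ID, key IDs and resource IDs
# below are placeholders, not real values.
CMEK = "arn:aws:kms:us-east-1:111122223333:key/constructed-cmek"
OTHER_KEY = "arn:aws:kms:us-east-1:111122223333:key/constructed-other"

VOLUMES = [
    {"VolumeId": "vol-src", "Encrypted": True, "KmsKeyId": CMEK, "SnapshotId": ""},
    {"VolumeId": "vol-restored-ok", "Encrypted": True, "KmsKeyId": CMEK, "SnapshotId": "snap-1"},
    {"VolumeId": "vol-restored-mismatch", "Encrypted": True, "KmsKeyId": OTHER_KEY, "SnapshotId": "snap-1"},
]
SNAPSHOTS = [
    {"SnapshotId": "snap-1", "VolumeId": "vol-src", "Encrypted": True, "KmsKeyId": CMEK},
    {"SnapshotId": "snap-2", "VolumeId": "vol-src", "Encrypted": True, "KmsKeyId": OTHER_KEY},
]


def key_of(resource):
    """Return the KMS key ARN, or None when the resource is unencrypted."""
    return resource.get("KmsKeyId") if resource.get("Encrypted") else None


def audit_key_inheritance(volumes, snapshots):
    """Return (resource_id, problem, expected_key, actual_key) tuples."""
    vol_by_id = {v["VolumeId"]: v for v in volumes}
    snap_by_id = {s["SnapshotId"]: s for s in snapshots}
    findings = []
    # Snapshot creation: the snapshot should carry the source disk's key.
    for snap in snapshots:
        src = vol_by_id.get(snap.get("VolumeId"))
        if src is not None and key_of(snap) != key_of(src):
            findings.append((snap["SnapshotId"], "snapshot key differs from source disk",
                             key_of(src), key_of(snap)))
    # Snapshot restore: the restored disk should carry the snapshot's key.
    for vol in volumes:
        snap = snap_by_id.get(vol.get("SnapshotId"))
        if snap is not None and key_of(vol) != key_of(snap):
            findings.append((vol["VolumeId"], "restored disk key differs from snapshot",
                             key_of(snap), key_of(vol)))
    return findings


if __name__ == "__main__":
    for finding in audit_key_inheritance(VOLUMES, SNAPSHOTS):
        print(finding)
```

Disks restored from backup do not reference an origin snapshot, so checking the fallback to PMK in the last table requires comparing the restored disk's key against the key recorded for the original source disk.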