Amazon EBS 的預設加密機制

EBS 有選項可以預設開加密了:「New – Opt-in to Default Encryption for New EBS Volumes」。

不算太意外的,這個選項要一區一區開:

Per-Region – As noted above, you can opt-in to default encryption on a region-by-region basis.

也不太意外的,無法完全公開共用:

AMI Sharing – As I noted above, we recently gave you the ability to share encrypted AMIs with other AWS accounts. However, you cannot share them publicly, and you should use a separate account to create community AMIs, Marketplace AMIs, and public snapshots. To learn more, read How to Share Encrypted AMIs Across Accounts to Launch Encrypted EC2 Instances.

然後有些服務有自己的 EBS 設定,這次不受影響。而有些底層其實是用 EC2 的服務 (然後開 EBS) 就會直接套用了:

Other AWS Services – AWS services such as Amazon Relational Database Service (RDS) and Amazon WorkSpaces that use EBS for storage perform their own encryption and key management and are not affected by this launch. Services such as Amazon EMR that create volumes within your account will automatically respect the encryption setting, and will use encrypted volumes if the always-encrypt feature is enabled.

Leave a Reply

Your email address will not be published.