Amazon EBS encryption - Application Migration Service

Amazon EBS encryption

Choose whether to use the default or custom Amazon EBS encryption. This option will encrypt your replicated data at rest on the Staging Area Subnet disks and the replicated disks.

Choose whether to use the default Amazon EBS encryption Volume Encryption Key, or enter a custom customer-managed key (CMK) in the regular key ID format. If you choose the Default option, the default key is used (which can be an EBS-managed key or a CMK).

If the Custom option is chosen, the EBS encryption key box will appear. Enter the ARN or key ID of a customer-managed CMK from your account or another AWS account. Enter the encryption key (such as a cross-account KMS key) in the regular key ID format (KMS key example: 123abcd-12ab-34cd-56ef-1234567890ab)

To create a new AWS KMS key, choose Create an AWS KMS key. You will be redirected to the Key Management Service (KMS) Console where you can create a new key to use.

Learn more about EBS Volume Encryption in this Amazon EBS article.


Reversing the encryption option after data replication has started will cause data replication to start from the beginning.