Amazon EBS encryption

Choose whether to use the default or custom Amazon EBS encryption. This option will encrypt your replicated data at rest on the Staging Area Subnet disks and the replicated disks.

Default – The default Amazon EBS encryption Volume Encryption Key will be used (which can be an EBS-managed key or a CMK). .
Custom – You will need to enter a custom customer-managed key (CMK) in the regular key ID format.

If you select the Custom option, the EBS encryption key box will appear. Enter the ARN or key ID of a customer-managed CMK from your account or another AWS account. Enter the encryption key (such as a cross-account KMS key) in the regular key ID format (KMS key example: 123abcd-12ab-34cd-56ef-1234567890ab).

To create a new AWS KMS key, click Create an AWS KMS key. You will be redirected to the Key Management Service (KMS) Console where you can create a new key to use.

Learn more about EBS Volume Encryption in this Amazon EBS article.

Important

Reversing the encryption option after data replication has started will cause data replication to start from the beginning.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Amazon EBS volume type

Using an AWS KMS Customer Managed Key (CMK) for encryption