Security - AWS Storage Services Overview


IAM enables access control for your EBS volumes, allowing you to specify who can access which EBS volumes.

EBS encryption enables data-at-rest and data-in-motion security. It offers seamless encryption of both EBS boot volumes and data volumes as well as snapshots, eliminating the need to build and manage a secure key management infrastructure. These encryption keys are Amazon-managed or keys that you create and manage using the AWS Key Management Service (AWS KMS). Data-in-motion security occurs on the servers that host EC2 instances, providing encryption of data as it moves between EC2 instances and EBS volumes.

Access control plus encryption offers a strong defense-in-depth security strategy for your data. For more information, see Amazon EBS Encryption in the Amazon EBS User Guide.