We are excited to announce the availability of Amazon EBS encryption for new EBS storage volumes, enabling you to meet security and encryption compliance requirements. This frequently requested feature provides you with seamless support for data encryption on block-level storage, at no additional cost.
Until today, you needed third-party security tools to encrypt data for EBS volumes. With Amazon EBS encryption, you can now create an encrypted EBS volume and attach it to a supported instance type. Data on the volume, disk I/O, and snapshots created from the volume are then all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage. EBS encryption is based on the industry standard AES-256 cryptographic algorithm.
To get started, simply enable encryption when you create a new EBS volume using the AWS Management Console, API, or CLI. Amazon EBS encryption is available for all the latest EC2 instances in all commercially available AWS regions. To learn more about Amazon EBS encryption, see the Amazon EBS details page.