
How to create an encrypted file on encrypted EBS volume (AWS) attached to an AWS EC2 instance?

I am using Amazon AWS. I created one EBS volume with encryption with the default key. Then I attached it to the EC2 instance and mounted the EBS volume on the EC2 instance folder. Now I created a file inside the mount folder (i.e. encrypted EBS volume), will this file be encrypted? I entered some text in the file and closed it. Now if I open this same file, will it show the contents or will it be encrypted? What if I access this file from the other user?

Yes, your file will be encrypted, as is the entire volume. But you won't see it in its encrypted form.

Encrypted EBS volumes use "encryption at rest". This means, the data is encrypted while it's sitting on the hard drive (or EBS equivalent). The data is decrypted when it's being used by your EC2 instance. This includes when being viewed by you or any user on your EC2 instance.

When you read a block from your EBS volume, the data is decrypted automatically by AWS. The decryption happens as/before it enters your EC2 instance.

When you write a block to your EBS volume, the data is encrypted automatically by AWS. The encryption happens as/after it leaves your EC2 instance.

You will never see the data in its encrypted form. You simply need to trust that AWS is encrypting it.
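Because the ciphertext is never visible from inside the instance, the place to confirm encryption is the EC2 API rather than the filesystem. The following is an added example, not part of the original answer: it audits a `DescribeVolumes` response for the volumes attached to one instance. The sample response, volume and instance IDs and key ARN are constructed placeholders, and `fetch_volumes` assumes `boto3` plus `ec2:DescribeVolumes` permission.

```python
import json

# Constructed sample in the shape of an EC2 DescribeVolumes response
# (IDs and the key ARN are made-up placeholders, not real resources).
SAMPLE_RESPONSE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa0000000000001", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
   "Attachments": [{"InstanceId": "i-0example000000001", "Device": "/dev/sdf", "State": "attached"}]},
  {"VolumeId": "vol-0aaa0000000000002", "Encrypted": false,
   "Attachments": [{"InstanceId": "i-0example000000001", "Device": "/dev/xvda", "State": "attached"}]},
  {"VolumeId": "vol-0aaa0000000000003", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
   "Attachments": [{"InstanceId": "i-0example000000002", "Device": "/dev/sdf", "State": "attached"}]}
]}
""")


def fetch_volumes(instance_id):
    """Live lookup of the volumes attached to instance_id (not used offline)."""
    import boto3  # imported lazily so the offline audit has no dependency
    pages = boto3.client("ec2").get_paginator("describe_volumes").paginate(
        Filters=[{"Name": "attachment.instance-id", "Values": [instance_id]}])
    return {"Volumes": [v for page in pages for v in page["Volumes"]]}


def audit_volumes(response, instance_id):
    """Return one record per volume currently attached to instance_id."""
    report = []
    for vol in response.get("Volumes", []):
        for att in vol.get("Attachments", []):
            if att.get("InstanceId") != instance_id or att.get("State") != "attached":
                continue
            report.append({
                "volume": vol["VolumeId"],
                "device": att.get("Device"),
                "encrypted": bool(vol.get("Encrypted", False)),
                "kms_key": vol.get("KmsKeyId"),  # None when the response carries no key
            })
    return report


def unencrypted(report):
    """Volume IDs from the report that are not encrypted at rest."""
    return [r["volume"] for r in report if not r["encrypted"]]


if __name__ == "__main__":
    for row in audit_volumes(SAMPLE_RESPONSE, "i-0example000000001"):
        print(row)
```

On a real account, pass `fetch_volumes("<your-instance-id>")` to `audit_volumes` in place of the sample. Since every user on the instance reads the same decrypted blocks, access between users is still governed by ordinary file permissions.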
