Encrypting a new EBS volume

If you are encrypting a new EBS volume from scratch, you can implement the encryption of that volume by performing the following steps:

  1. Select the EC2 service under the Compute category within the AWS Management Console, as shown in the following screenshot:

  2. Select Volumes from under the Elastic Block Store menu:

  3. Click Create Volume. You will see something like the following:

  4. Input your configuration details for the EBS volume.
  5. Select the Encrypt this volume checkbox.
  6. From the dropdown list next to Master Key, select the (default) aws/ebs option:

You will notice that this adds additional details to the form:

  • A KMS Description, providing a description of the key selected. This default key is the key used by KMS to encrypt EBS volumes.
  • The KMS Account, which shows the AWS account that the KMS key selected as the Master Key belongs to.
  • The KMS Key ID, which is a unique identifier of that particular key.
  • The KMS Key ARN.

Once the new volume has been created, any data saved to it will be encrypted using the Advanced Encryption Standard (AES-256) algorithm. As we learned in the previous section, AES is a symmetric encryption algorithm.
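
The following is an added example, not code from the book: a Python check of the outcome of the steps above, reporting for each volume whether it is encrypted and whether its KMS key is the default aws/ebs key. The input dictionaries are constructed samples shaped like the boto3 describe_volumes and list_aliases responses; the volume IDs, key IDs, account number and the alias/app-data name are placeholders.

```python
# Added example: audit EBS volumes for encryption and the KMS key behind each.
# Sample data is constructed; it mirrors the shape of the boto3 responses from
# ec2.describe_volumes() and kms.list_aliases(). All IDs are placeholders.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0001", "Encrypted": True,
     "KmsKeyId": KEY_ARN + "1111aaaa-0000-0000-0000-000000000001"},
    {"VolumeId": "vol-0002", "Encrypted": True,
     "KmsKeyId": KEY_ARN + "2222bbbb-0000-0000-0000-000000000002"},
    {"VolumeId": "vol-0003", "Encrypted": False},
    {"VolumeId": "vol-0004", "Encrypted": True,
     "KmsKeyId": KEY_ARN + "3333cccc-0000-0000-0000-000000000003"},
]}
SAMPLE_ALIASES = {"Aliases": [
    {"AliasName": "alias/aws/ebs",
     "TargetKeyId": "1111aaaa-0000-0000-0000-000000000001"},
    {"AliasName": "alias/app-data",
     "TargetKeyId": "2222bbbb-0000-0000-0000-000000000002"},
    # AWS managed aliases can be listed before their key exists (no TargetKeyId).
    {"AliasName": "alias/aws/rds"},
]}


def audit_volumes(volumes, aliases):
    """Return {VolumeId: finding} for every volume in the response."""
    alias_by_key = {}
    for entry in aliases["Aliases"]:
        if "TargetKeyId" in entry:
            alias_by_key.setdefault(entry["TargetKeyId"], []).append(entry["AliasName"])
    report = {}
    for vol in volumes["Volumes"]:
        if not vol.get("Encrypted"):
            report[vol["VolumeId"]] = "UNENCRYPTED"
            continue
        key_id = vol["KmsKeyId"].rsplit("/", 1)[-1]  # key ID is the ARN's last part
        names = sorted(alias_by_key.get(key_id, []))
        if "alias/aws/ebs" in names:
            report[vol["VolumeId"]] = "encrypted: default aws/ebs key"
        elif names:
            report[vol["VolumeId"]] = "encrypted: " + ", ".join(names)
        else:
            report[vol["VolumeId"]] = "encrypted: no alias found for key"
    return report


if __name__ == "__main__":
    # Live use (assumes boto3 and credentials; pagination omitted):
    #   audit_volumes(ec2.describe_volumes(), kms.list_aliases())
    for volume_id, finding in audit_volumes(SAMPLE_VOLUMES, SAMPLE_ALIASES).items():
        print(volume_id, finding)
```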
