To encrypt a new EBS volume at creation time, perform the following steps:
- Select the EC2 service under the Compute category within the AWS Management Console.
- Select Volumes from under the Elastic Block Store menu.
- Click Create Volume.
- Input your configuration details for the EBS volume.
- Select the Encrypt this volume checkbox.
- From the dropdown list next to Master Key, select the (default) aws/ebs option.
You will notice that this adds additional details to the form:
- A KMS Description, providing a description of the key selected. This default key is the key used by KMS to encrypt EBS volumes.
- The KMS Account, which shows the AWS account that the KMS key you selected as the Master Key belongs to.
- The KMS Key ID, which is a unique identifier of that particular key.
- The KMS Key ARN.
Once the volume has been created, any data saved to it will be encrypted using the Advanced Encryption Standard (AES-256) algorithm. As we learned in the previous section, AES is a symmetric encryption algorithm.
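The same choices can be made through the EC2 API and then checked. The following is an added example, not part of the original text: it builds the `CreateVolume` request with boto3 parameter names and audits volume records for encryption and key ownership. The `gp3` volume type, the helper names, the account-ownership check, and the sample records (constructed, with placeholder account and key IDs) are assumptions.

```python
# Added example: API equivalent of the console steps, plus a check of the result.

def encrypted_volume_request(az, size_gib, kms_key="alias/aws/ebs"):
    """CreateVolume parameters matching the console choices above."""
    return {"AvailabilityZone": az, "Size": size_gib, "VolumeType": "gp3",
            "Encrypted": True, "KmsKeyId": kms_key}

def parse_kms_arn(arn):
    """Split a key ARN into the KMS Account and KMS Key ID shown on the form."""
    parts = arn.split(":", 5)
    if (len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms"
            or not parts[5].startswith("key/")):
        raise ValueError("not a KMS key ARN: %r" % arn)
    return {"region": parts[3], "account": parts[4], "key_id": parts[5][4:]}

def audit_volumes(volumes, expected_account):
    """Return (volume_id, problem) for each volume that fails the check."""
    findings = []
    for vol in volumes:
        vid = vol.get("VolumeId", "<unknown>")
        if not vol.get("Encrypted"):
            findings.append((vid, "not encrypted"))
            continue
        try:
            key = parse_kms_arn(vol.get("KmsKeyId") or "")
        except ValueError as exc:
            findings.append((vid, str(exc)))
            continue
        if key["account"] != expected_account:
            findings.append((vid, "key owned by account " + key["account"]))
    return findings

def create_and_check(az, size_gib, expected_account):
    """Live path: needs boto3 and AWS credentials; not used by the sample run."""
    import boto3
    vol = boto3.client("ec2").create_volume(**encrypted_volume_request(az, size_gib))
    return audit_volumes([vol], expected_account)

# Constructed records in the shape returned by DescribeVolumes.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId":
     "arn:aws:kms:eu-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"},
    {"VolumeId": "vol-0bbb", "Encrypted": False},
    {"VolumeId": "vol-0ccc", "Encrypted": True, "KmsKeyId":
     "arn:aws:kms:eu-west-1:444455556666:key/9999ffff-12ab-34cd-56ef-1234567890ab"},
]

if __name__ == "__main__":
    for vid, problem in audit_volumes(SAMPLE_VOLUMES, "111122223333"):
        print(vid, problem)
```

The key ARN in each volume record carries the same account and key ID that the console form displays, so one parse covers both fields.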