Securing data at rest

Another key aspect of security is to secure the data stored in physical storage devices such as hard disks, USB drives, SAN devices, and so on. In the AWS cloud world, these would be AWS data storage services such as S3, RDS, Redshift, DynamoDB, and so on. To secure data at rest, symmetric encryption is used; that is, the data is encrypted with an encryption key, and the data is secure as long as the encryption key is secure, so all effort is directed at keeping the encryption key secure.

AWS provides the Key Management Service (KMS) to resolve issues related to the management and storage of encryption keys, as described in the previous section. This service is also used to secure data at rest. The encryption of data at rest is a key component of regulations such as HIPAA, PCI DSS, SOC 1, 2, 3, and so on. In the upcoming sections, we walk you through the process of securing data at rest for S3 and RDS.
