0PricingLogin
AWS Security Academy · Lesson

Encrypting S3, EBS, and RDS at Rest

Apply KMS-backed encryption across the main storage services.

Encryption at Rest

Encryption at rest protects data stored on disk so that stolen media or snapshots are unreadable.

AWS storage services integrate with KMS to encrypt data transparently. The application sees normal data; the encryption happens automatically beneath it.

S3 Server-Side Encryption

Amazon S3 offers several server-side encryption (SSE) options:

  • SSE-S3: keys fully managed by S3 (AES-256), now the default.
  • SSE-KMS: keys in KMS, with audit and access control.
  • SSE-C: you supply the key with each request.

All lessons in this course

  1. Encrypting S3, EBS, and RDS at Rest
  2. Enforcing Default Encryption Everywhere
  3. TLS Certificates with AWS Certificate Manager
  4. Storing Credentials in Secrets Manager
← Back to AWS Security Academy