Encrypting AWS Instance Storage
Encrypted Data at Rest is the big term that has been floating around for several years. Just recently AWS started offering encrypted EBS volumes. The only problem is that you cannot encrypt Instance Storage (aka Ephemeral Storage) volumes or Root volumes that way. The solution described here will not work for Root volumes, but it will for Ephemeral volumes. The only potential problem with encrypted EBS volumes is that AWS retains control of the encryption keys for you in their IAM system. However, since you've chosen to use the cloud, that might not be a problem. Thankfully, using SaltStack and my previous trick, Just in Time Encryption Keys using SaltStack, you can automatically encrypt the Instance Storage on your EC2 Instances, giving you that extra layer of security. This can be extremely beneficial if you want to convey to your clients that you are doing Full Disk Encryption and you want the ability to use SSD storage instead of EBS volumes.