-1

I am using Amazon AWS. I created one EBS volume with encryption using the default key. Then I attached it to the EC2 instance and mounted the EBS volume on a folder on the EC2 instance. Now I created a file inside the mount folder (i.e. on the encrypted EBS volume). Will this file be encrypted? I entered some text in the file and closed it. Now if I open this same file, will it show the contents or will it be encrypted? What if I access this file as another user?

1 Answer

5

Yes, your file will be encrypted, as is the entire volume. But you won't see it in its encrypted form.

Encrypted EBS volumes use "encryption at rest". This means, the data is encrypted while it's sitting on the hard drive (or EBS equivalent). The data is decrypted when it's being used by your EC2 instance. This includes when being viewed by you or any user on your EC2 instance.

When you read a block from your EBS volume, the data is decrypted automatically by AWS. The decryption happens as/before it enters your EC2 instance.

When you write a block to your EBS volume, the data is encrypted automatically by AWS. The encryption happens as/after it leaves your EC2 instance.

You will never see the data in its encrypted form. You simply need to trust that AWS is encrypting it.

Matt Houser
  • So this means that if a user other than ec2-user (on the same EC2 instance) tries to read it, he will not be able to read the actual text (because it's encrypted on EBS). What I tried was, I created another user on the same EC2 instance and tried to access the file which was created by ec2-user on EBS. But still, I can read it in the simple text, which was the reason for my confusion. – Rahul Assassin May 17 '17 at 06:27
  • @RahulAssassin That is not what I said. All users on your EC2 instance will see the data **unencrypted**. At no time will you ever see the data encrypted. The data is only encrypted as it sits in the AWS hardware. – Matt Houser May 17 '17 at 17:56
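
The two points in this thread, as an added example that is not part of the original answer or comments: whether a volume is flagged as encrypted at rest can be read from the EC2 API (here, constructed JSON shaped like `aws ec2 describe-volumes` output, with placeholder IDs), while which local users can read a file is decided by file permissions, not by EBS encryption. The `/mnt/data` mount point is an assumption.

```python
import json
import os
import stat

# Constructed sample shaped like `aws ec2 describe-volumes` output (IDs are placeholders).
SAMPLE_DESCRIBE_VOLUMES = json.dumps({
    "Volumes": [
        {"VolumeId": "vol-EXAMPLE-encrypted", "Encrypted": True,
         "KmsKeyId": "arn:aws:kms:REGION:ACCOUNT:key/EXAMPLE",
         "Attachments": [{"InstanceId": "i-EXAMPLE", "Device": "/dev/sdf"}]},
        {"VolumeId": "vol-EXAMPLE-plain", "Encrypted": False,
         "Attachments": [{"InstanceId": "i-EXAMPLE", "Device": "/dev/sdg"}]},
    ]
})


def unencrypted_volumes(describe_volumes_json):
    """Return [(volume_id, [instance ids])] for volumes not flagged Encrypted."""
    volumes = json.loads(describe_volumes_json).get("Volumes", [])
    return [
        (v["VolumeId"], [a["InstanceId"] for a in v.get("Attachments", [])])
        for v in volumes
        if not v.get("Encrypted", False)
    ]


def readable_by_other_users(mount_point):
    """Return regular files whose mode bits grant read to group or others.

    EBS encryption is transparent inside the instance, so these permission
    bits (not the volume's encryption) decide which local users see the data.
    """
    exposed = []
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_IRGRP | stat.S_IROTH):
                exposed.append(path)
    return sorted(exposed)


if __name__ == "__main__":
    for vol_id, instances in unencrypted_volumes(SAMPLE_DESCRIBE_VOLUMES):
        print(f"NOT encrypted at rest: {vol_id} attached to {instances}")
    # /mnt/data is a hypothetical mount point for the encrypted volume.
    for path in readable_by_other_users("/mnt/data"):
        print(f"readable by other local users: {path}")
```

To keep a file private from other users on the instance, restrict its mode (for example `chmod 600`) rather than relying on the volume's encryption.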