Encryption at rest can be achieved on AWS with encrypted volumes with KMS keys
Create a KMS Key
From the AWS Console, go the the IAM Service, then select the left hand side menu Encryption Keys.
Create a new key with the following details:
- Alias: core-nex-uat or core-nex-prd
- Description: Encryption for Nex! volumes
- Key material origin: KMS
- Tags: environment => uat
- Key Admins: gapps-superadmin, gapps-poweruser
- Key usage: mcluster_dev, gapps-superadmin, gapps-poweruser
Authorise KMS Policy
The Nex! Orchestrator IAM User must be allowed to access the KMS key. Ensure the Nex! Orchestrator policy contains the action "kms:*"
{ "Statement": [ { "Sid": "Stmt1340424171166", "Action": [ "ec2:*", "elasticloadbalancing:*", "kms:*" ], "Effect": "Allow", "Resource": [ "*" ] } ] }