Encryption at rest can be achieved on AWS with encrypted volumes with KMS keys
From the AWS Console, go the the IAM Service, then select the left hand side menu Encryption Keys.
Create a new key with the following details:
The KMS key ARN must be set in the Nex! configuration. Get the ARN from the AWS Console key details (eg: arn:aws:kms:us-east-1:681271161082:key/50997aaf-7603-421f-8514-4e758738eeb7)
In Nex! configuration, set the parameters volume_encryption_key_id per region:
compute: lxc: ... encrypted: true volume_encryption_key_id: southeast-1: arn:aws:kms:ap-southeast-1:681271161082:key/53bd91c9-0156-4e1a-b9b3-6789052078fc ... docker: ... encrypted: true volume_encryption_key_id: southeast-1: arn:aws:kms:ap-southeast-1:681271161082:key/53bd91c9-0156-4e1a-b9b3-6789052078fc ... |