For encrypting EFS volumes in general, including data at rest, refer to the Encrypting File Data with Amazon EFS white paper. To use Amazon EFS volumes for persistent storage with AWS Fargate, refer to the recent three-part blog series on this topic by my colleague, Massimo Re Ferre.

Amazon EKS pods launched in AWS Fargate from today will also use this feature as Amazon EKS uses the updated AWS Fargate PV 1.4. With this update, as shown in the table above, new Amazon ECS tasks launched in PV 1.4 will benefit from server-side encryption of the 20GB ephemeral storage using AWS Fargate-managed keys. Server-side encryption of ephemeral storage has been enabled for AWS Fargate via a release update to platform version 1.4.

- We're working towards supporting this (#826)
- Now available for newly launched Amazon EKS pods
- Amazon EFS volumes (for persistent storage)
- Ephemeral storage (20GB with server-side encryption)

For AWS Fargate, the following types of storage are supported:

- Ephemeral storage for nonpersistent storage.
- Amazon EFS volumes for persistent storage.

This adds an additional layer of security to tasks running on AWS Fargate for defense in depth.

Using this feature ensures that data written to ephemeral storage attached to your AWS Fargate tasks and services is stored in encrypted ephemeral storage with no action required by you. This feature enables customers to meet their organizational or regulatory security and compliance requirements as ephemeral task storage is now encrypted at rest using Fargate-managed keys. Previously, to encrypt data written to task storage, AWS Fargate customers needed to design and implement data encryption controls within their application architecture in order to meet the organizational security and compliance requirements.

To gather input from our customers for encrypting data at rest for AWS Fargate ephemeral storage, we sought feedback last year through AWS containers roadmap issue #314.
Some compliance regulations, such as PCI DSS and HIPAA, require that data at rest be encrypted throughout the data lifecycle. Encrypting data at rest is vital for regulatory compliance to ensure that sensitive data saved on disks is protected against unauthorized access.

Amazon EKS pods launched on AWS Fargate use platform version 1.4, hence any pods launched starting today will also use encrypted ephemeral storage with Fargate-managed keys.

Customers building services on AWS Fargate might require encryption of data at rest that meets a specific classification or security and compliance requirement that is associated with a particular application, workload, or environment.

This feature requires no additional configuration from customers for new Amazon ECS tasks and services launched in platform version 1.4. The ephemeral task storage is automatically encrypted with the industry-standard AES-256 encryption algorithm using AWS Fargate-managed keys for the updated platform version. Today, we introduced server-side encryption of ephemeral storage in AWS Fargate platform version 1.4.

This post was contributed by Yuling Zhou, Eduardo Lopez Biagi, and Paavan Mistry.