Setting Up a Datacenter with EBS Encryption | Cassandra DocumentationMenu
Datacenters running on Amazon’s EBS infrastructure can be encrypted with an AWS KMS key. This will encrypt both your EBS volumes and S3 backups. This involves a few steps to set up:
In your AWS account:
- Add the AWS account ID (e.g. Your Provider account) that this key would grant access to. In the example above it gives access to Instaclustr’s account (624537489435) as an External Account
In your Instaclustr account:
- Go to Account → Encryption Keys to add encryption keys.
- When you Create a cluster or Add a datacenter:
- Finish the create a cluster or add a datacenter process to provision the encrypted datacenter.That’s it! Encryption and decryption will be handled transparently by AWS’ Key Management Service, so use the datacenter as you would with a datacenter of no encryption.
For more information regarding Amazon’s encryption service see:
- Share Custom Encryption Keys More Securely Between Accounts by Using AWS Key Management Service
- Amazon EBS Encryption
Enabling this feature on existing cluster
Most clusters will require a DC migration to move to encrypted EBS.
Set up your AWS Encryption keys as per the process above, and email firstname.lastname@example.org to request adding this on your existing cluster.
We are available to provide additional information and guide you through this process. Please email email@example.com or raise a new ticket.