Setting Up a Datacenter with EBS Encryption | Kafka DocumentationMenu
Datacenters running on Amazon’s EBS infrastructure can be encrypted with an AWS KMS key. You can encrypt both your EBS volumes and S3 backups using this key. In order to do this, you need to have an AWS account, create an AWS KMS key under Key Management service in AWS console and link it to your account on the Instaclustr management console.
Below are steps to set this up:
In your AWS account:
- Go to key management service
- Create/view an AWS Encryption Key in the datacenter’s intended region.
- Add Instaclustr’s account (624537489435) as an External Account
In your Instaclustr account:
- Go to Account → Encryption Keys to add encryption keys.
- When you Create a cluster or Add a datacenter:
- Finish the create a cluster or add a datacenter process to provision the encrypted datacenter.That’s it! Encryption and decryption will be handled transparently by AWS’ Key Management Service, so use the datacenter as you would with a datacenter of no encryption.
For more information regarding Amazon’s encryption service see:
Enabling this feature on existing cluster
Most clusters will require a DC migration to move to encrypted EBS.
Set up your AWS Encryption keys as per the process above, and email firstname.lastname@example.org to request adding this on your existing cluster.
We are available to provide additional information and guide you through this process. Please email email@example.com or raise a new ticket.