AWS Encrypted Backups
AWS S3 can encrypt uploaded backup files on the server side for more secure storage. The encryption is performed entirely by AWS S3. This server-side encryption is in addition to the encryption already applied to Aviatrix Controller backups.
Follow the steps below to enable AWS Encrypted backups:
- Create an AWS S3 bucket.
image::controller/s3-create.png
- After configuring other bucket properties, configure bucket server-side encryption by selecting either Server-side encryption with AWS Key Management Service keys (SSE-KMS) or Dual-layer server-side encryption with AWS Key Management Service keys (DSSE-KMS).
image::controller/s3-select-default-encryption.png
image::controller/s3-select-encryption.png
- Click Create a KMS key to create a new key. A separate tab opens where you can configure and save the key.
- After the key is saved, go back to the Create bucket tab and enter the key in the AWS KMS key ARN field.
- Click Create bucket.
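To confirm that the bucket ended up with the settings chosen in the steps above, the following added example (not Aviatrix code) checks the JSON that `aws s3api get-bucket-encryption` returns for the bucket. The function name, the sample responses, the account ID, and the key ID are constructed for illustration.

```python
import json
import re

# Default-encryption algorithms the procedure allows, as reported by S3.
KMS_ALGORITHMS = {"aws:kms": "SSE-KMS", "aws:kms:dsse": "DSSE-KMS"}
# Shape of a KMS key ARN: partition, region, 12-digit account, key ID.
KEY_ARN_RE = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/[0-9A-Za-z-]+$")


def check_backup_bucket_encryption(response):
    """Return a list of findings; an empty list means the bucket matches the procedure."""
    rules = response.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    if not rules:
        return ["no default encryption rule is configured"]
    findings = []
    for i, rule in enumerate(rules):
        default = rule.get("ApplyServerSideEncryptionByDefault", {})
        algorithm = default.get("SSEAlgorithm")
        key = default.get("KMSMasterKeyID")
        if algorithm not in KMS_ALGORITHMS:
            findings.append(f"rule {i}: SSEAlgorithm is {algorithm!r}, expected aws:kms or aws:kms:dsse")
        elif not key:
            # Without a key, S3 uses the AWS managed key, not the key created in the procedure.
            findings.append(f"rule {i}: no KMSMasterKeyID set for {KMS_ALGORITHMS[algorithm]}")
        elif not KEY_ARN_RE.match(key):
            findings.append(f"rule {i}: KMSMasterKeyID {key!r} is not a KMS key ARN")
    return findings


# Constructed sample responses (account ID and key ID are placeholders).
SAMPLE_KMS = json.loads("""{"ServerSideEncryptionConfiguration": {"Rules": [
  {"ApplyServerSideEncryptionByDefault": {
     "SSEAlgorithm": "aws:kms:dsse",
     "KMSMasterKeyID": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"},
   "BucketKeyEnabled": false}]}}""")
SAMPLE_SSE_S3 = json.loads("""{"ServerSideEncryptionConfiguration": {"Rules": [
  {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}}""")
SAMPLE_NO_KEY = json.loads("""{"ServerSideEncryptionConfiguration": {"Rules": [
  {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}""")

if __name__ == "__main__":
    for name, sample in [("kms", SAMPLE_KMS), ("sse-s3", SAMPLE_SSE_S3), ("no-key", SAMPLE_NO_KEY)]:
        print(name, check_backup_bucket_encryption(sample) or "OK")
```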