Data Encryption

By default, Amazon S3 Buckets are encrypted by default with Amazon S3 managed keys (SSE-S3). For more information on S3 encryption, see AWS Documentation.

For enhanced data security, Veeam Backup for AWS allows you to encrypt backed-up data in backup repositories using Veeam encryption mechanisms. Additionally, Veeam Backup for AWS supports native AWS KMS encryption of EC2 and RDS instance volumes, and cloud-native snapshots, as well as encryption of EFS file systems and DynamoDB tables.

For data encryption, Veeam Backup for AWS uses the 256-bit Advanced Encryption Standard (AES). For more information about AES, see Advanced Encryption Standard (AES).


Sensitive customer data (credentials of user accounts required to connect to virtual servers and other systems, cloud credentials, and so on) is stored in the configuration database in the encrypted format.


In This Section