AWS CMK Encryption

In this article

    Veeam Backup for AWS allows you to back up, replicate and restore data of EC2 and RDS instance volumes encrypted with AWS Key Management Service (AWS KMS) customer master keys (CMKs). Additionally, you can encrypt unencrypted data and change CMKs used to encrypt data when performing the following operations:

    If you back up, replicate or restore data of an encrypted RDS instance or an EC2 instance that has encrypted EBS volumes, depending on the operation performed with the instance, you must grant to the IAM role that Veeam Backup for AWS uses for the operation permissions to access different CMKs:

    If you back up, replicate or restore data of an unencrypted RDS instance or EC2 instance, and if you want to encrypt the backed-up or restored data, you must grant to the IAM role that Veeam Backup for AWS uses to perform the operation permissions to access only the CMK with which you want to encrypt the data.

    Note

    To learn how to grant to an IAM role permissions to use a CMK, see this Veeam KB article.

    I want to report a typo

    There is a misspelling right here:

     

    I want to let the Veeam Documentation Team know about that.