S3 Repository Encryption
Veeam Backup for AWS allows you to enable encryption at the S3 repository level. Veeam Backup for AWS encrypts backup files stored in S3 repositories the same way as Veeam Backup & Replication encrypts backup files stored in backup repositories. To learn what algorithms Veeam Backup & Replication uses to encrypt backup files, see the Veeam Backup & Replication User Guide, section Encryption Standards.
To enable encryption for an S3 repository added to the Veeam Backup for AWS infrastructure, configure the repository settings as described in section Adding S3 Repositories. After you create a backup policy and specify the backup repository as a target location for image-level backups, as described in section Creating EC2 Backup Policies, Veeam Backup for AWS performs the following steps:
- Generates an encryption key to protect instance data stored in the S3 repository, and stores the key in the configuration database on the backup appliance.
- Uses the generated key to encrypt backed-up data transferred to the S3 repository when running the backup policy.