Posted On: Aug 1, 2018

Customers can now use AWS Key Management Service (KMS) to manage encryption of data stored in the cloud by AWS Storage Gateway.  AWS KMS is a managed service that makes it easy for you to create and control encryption keys used to encrypt your data. Storage Gateway now supports AWS KMS for encryption of data stored in AWS by all gateway types. This includes virtual tapes managed by Tape Gateway, in-cloud volumes and EBS Snapshots created by Volume Gateway, and files stored as objects in Amazon Simple Storage Service (S3) by File Gateway. 

If AWS KMS is not used, all data stored in AWS by the Storage Gateway service is encrypted with Amazon S3-Managed Encryption Keys (SSE-S3) by default. In addition to encryption at rest, all data transferred between any type of Storage Gateway and AWS is encrypted using SSL.

This feature is available in all AWS regions where Storage Gateway is available, except for the AWS China (Beijing) region. You can enable AWS KMS on Storage Gateway via the API. For more details, please visit Storage Gateway documentation for encrypting your data with AWS KMS.