Protect Your AWS Compute Optimizer Recommendation Data with customer master keys (CMKs) Stored in AWS Key Management Service
Starting today, customers can choose to further protect their recommendation data generated by AWS Compute Optimizer by exporting to S3 buckets encrypted with AWS Key Management Service (KMS) Customer Master Keys (CMKs).
With this new feature, customers can choose to protect their recommendation data by using AWS KMS encrypted buckets (server side encryption with CMK) in addition to AES-256 encrypted buckets (SSE-S3). With AWS KMS, customers can benefit from added protection against unauthorized access of your data by using CMKs.
There’s no additional cost to export EC2 instance type recommendations to S3 buckets, regardless of the bucket encryption methods. Customers only pay for the S3 storage cost needed to store the export file. To get started with using AWS KMS encryption for your export buckets, you can refer to the Exporting recommendations technical documentation.