Encrypt EBS Volume for the VM-Series Firewall on AWS

Use the AWS KMS to encrypt data stored on the EBS volume of the VM-Series firewall on AWS.
EBS encryption is available for all AWS EC2 Instance Types on which you can deploy the VM-Series firewall. To securely store data on the VM-Series firewall on AWS, you must first create an EBS-backed EC2 instance from a VM-Series image that is published on the AWS public or GovCloud Marketplace, or from a custom AMI. During instance creation, select the option to encrypt the EBS volume with an AWS KMS (Key Management Service) key. You may choose to use the default master key for your AWS account or any KMS key that you have previously created using the AWS Key Management Service.
  1. Create an encryption key on AWS or skip this step if you want to use the default master key for your account.
    You will use this key to encrypt the EBS volume on the firewall. Note that the key is region specific.
  2. To encrypt an EBS volume:
    1. Launch an AWS EC2 instance.
    2. Specify your EBS volumes. If you are using an unencrypted AMI, the encryption properties are listed as Not Encrypted.
    3. Select an AWS KMS key for encrypting the volume. You may select the same KMS key for each volume that you want to create, or you may use a different KMS key for each volume.
    4. Select Review and launch the instance. Your instance will launch with an encrypted Amazon EBS volume that uses the KMS key you selected.
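After launch, it is worth confirming that every volume attached to the firewall instance is actually encrypted with the key you intended. The following is an added example, not part of the original documentation: it audits output shaped like `aws ec2 describe-volumes` and assumes the expected key is given as a full key ARN; the sample data, IDs and key ARNs are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-volumes` output.
# Volume/instance IDs, the account number and key IDs are placeholders.
EXPECTED_KEY = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-1"
SAMPLE = json.loads("""
{"Volumes": [
 {"VolumeId": "vol-0aaa", "AvailabilityZone": "us-west-2a", "Encrypted": true,
  "KmsKeyId": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-1",
  "Attachments": [{"InstanceId": "i-0fw1", "Device": "/dev/xvda"}]},
 {"VolumeId": "vol-0bbb", "AvailabilityZone": "us-west-2a", "Encrypted": false,
  "Attachments": [{"InstanceId": "i-0fw1", "Device": "/dev/sdb"}]},
 {"VolumeId": "vol-0ccc", "AvailabilityZone": "us-west-2a", "Encrypted": true,
  "KmsKeyId": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-2",
  "Attachments": [{"InstanceId": "i-0fw1", "Device": "/dev/sdc"}]},
 {"VolumeId": "vol-0ddd", "AvailabilityZone": "us-west-2a", "Encrypted": false,
  "Attachments": [{"InstanceId": "i-0other", "Device": "/dev/xvda"}]}
]}""")

def key_region(arn):
    """Region field of a KMS key ARN: arn:aws:kms:<region>:<account>:key/<id>."""
    parts = arn.split(":")
    if len(parts) != 6 or parts[2] != "kms":
        raise ValueError(f"not a KMS key ARN: {arn!r}")
    return parts[3]

def audit_volumes(described, instance_id, expected_key_arn):
    """Findings (volume_id, device, problem) for volumes attached to instance_id."""
    want_region = key_region(expected_key_arn)
    findings = []
    for vol in described.get("Volumes", []):
        devices = [a["Device"] for a in vol.get("Attachments", [])
                   if a.get("InstanceId") == instance_id]
        if not devices:
            continue  # volume belongs to another instance or is detached
        vol_region = vol["AvailabilityZone"][:-1]  # assumes names like us-west-2a
        if not vol.get("Encrypted"):
            problem = "not encrypted"
        elif vol.get("KmsKeyId") == expected_key_arn:
            continue  # encrypted with the intended key
        elif want_region != vol_region:
            problem = f"expected key is in {want_region}, volume is in {vol_region}"
        else:
            problem = "encrypted with a different KMS key"
        findings.append((vol["VolumeId"], devices[0], problem))
    return findings

if __name__ == "__main__":
    print(*audit_volumes(SAMPLE, "i-0fw1", EXPECTED_KEY), sep="\n")
```

The region comparison reflects the note in step 1 that a key is region specific: an expected key from another region can never be the one protecting the volume.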
For information on encrypting existing EBS volumes, see Encrypting an existing EBS volume.