Protecting Your High-Performance File Systems with Amazon FSx for Lustre
As enterprises shift their high-performance workloads to the cloud, storage and data protection go hand in hand. Many companies have internal and external security rules and regulations that they must adhere to when storing their data. Amazon FSx for Lustre offers fully managed and scalable file systems for fast processing workloads, providing secure and shared access to your users.
In this blog, we show you how you can protect your data using the encryption features of FSx for Lustre. This will help you improve security and limit the likelihood of a breach resulting in data loss. AWS uses the shared responsibility model for secure cloud computing.
Encrypting Your FSx for Lustre File Systems
FSx for Lustre supports two types of encryption: encryption at rest and encryption in transit. Data-at-rest encryption is enabled automatically when you create an FSx for Lustre file system, and it uses the XTS-AES-256 block cipher algorithm to encrypt the file system. If you use a temporary or scratch file system, data at rest is encrypted using unique keys managed by Amazon FSx, and the keys are destroyed after the file system is deleted.
FSx for Lustre persistent file systems allow you to encrypt data at rest by specifying an AWS Key Management Service (AWS KMS) customer-managed key or an AWS-managed key. By default, persistent file systems use a key managed by AWS. FSx for Lustre ensures that data is automatically encrypted before being written to the file system. Likewise, it is decrypted before being presented to the application. This process requires no code or application changes from the customer.
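The following added example (not code from the original post) audits which key type each Lustre file system uses, flagging persistent file systems still on the default AWS-managed key. It assumes input shaped like the output of `aws fsx describe-file-systems` plus the `KeyManager` value from `aws kms describe-key`; the sample IDs and ARNs are constructed placeholders, and treating the default key as a review item is an assumed internal policy.

```python
# Added example. SAMPLE_FSX is a constructed response in the shape returned by
# `aws fsx describe-file-systems`; SAMPLE_KEY_MANAGERS holds the
# KeyMetadata.KeyManager value `aws kms describe-key` reports for each key.
# All IDs and ARNs are placeholders.
KEY_PREFIX = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE_FSX = {"FileSystems": [
    {"FileSystemId": "fs-scratch-example", "FileSystemType": "LUSTRE",
     "LustreConfiguration": {"DeploymentType": "SCRATCH_2"}},
    {"FileSystemId": "fs-default-example", "FileSystemType": "LUSTRE",
     "KmsKeyId": KEY_PREFIX + "example-aws-managed",
     "LustreConfiguration": {"DeploymentType": "PERSISTENT_1"}},
    {"FileSystemId": "fs-cmk-example", "FileSystemType": "LUSTRE",
     "KmsKeyId": KEY_PREFIX + "example-customer-managed",
     "LustreConfiguration": {"DeploymentType": "PERSISTENT_2"}},
    {"FileSystemId": "fs-windows-example", "FileSystemType": "WINDOWS",
     "KmsKeyId": KEY_PREFIX + "example-aws-managed"},
]}
SAMPLE_KEY_MANAGERS = {
    KEY_PREFIX + "example-aws-managed": "AWS",
    KEY_PREFIX + "example-customer-managed": "CUSTOMER",
}

def classify(fs, key_managers):
    """Return how one file system's at-rest key is managed, or None if not Lustre."""
    if fs.get("FileSystemType") != "LUSTRE":
        return None
    deployment = fs.get("LustreConfiguration", {}).get("DeploymentType", "")
    if deployment.startswith("SCRATCH"):
        return "service-managed"  # keys held by Amazon FSx, no KMS key to inspect
    manager = key_managers.get(fs.get("KmsKeyId"))
    return {"AWS": "aws-managed", "CUSTOMER": "customer-managed"}.get(manager, "unknown")

def audit(response, key_managers):
    """Map each Lustre file system ID to its key-management class."""
    report = {}
    for fs in response.get("FileSystems", []):
        kind = classify(fs, key_managers)
        if kind is not None:
            report[fs["FileSystemId"]] = kind
    return report

def needs_review(report):
    """Persistent file systems not provably on a customer-managed key."""
    return sorted(i for i, k in report.items() if k in ("aws-managed", "unknown"))

if __name__ == "__main__":
    result = audit(SAMPLE_FSX, SAMPLE_KEY_MANAGERS)
    print(result)
    print("review:", needs_review(result))
```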
You can see details of persistent file system encryption through the AWS Management Console, the API, and by running the following command from the Lustre Amazon EC2 client. Scratch file system keys are not displayed via the console, API, or CLI…