cloud engineer
If you have an existing EFS that’s unencrypted, you can encrypt it be creating a snapshot using AWS Backup, and then restoring the file system to a new EFS with encryption. If you choose to restore in a directory in the same file system, it will not be encrypted. It has to be a new EFS. In addition, you’ll be asked to select which encryption key to use. The default key will work, unless you have your own.
Here’s how to turn on Samba encryption on a share.
Edit /etc/samba/smb.conf on the Samba server.
[global] server max protocol = SMB3 smb encrypt = required lanman auth = no |
Edit /etc/samba/smb.conf on the Samba clients.
[global] smb encrypt = required client min protocol = SMB2 client max protocol = SMB3 |
To connect.
smbclient -e -m SMB3 //xxx.xxx.xxx.xxx/share-name -U username |
Here’s the CLI command to set server-side AES-256 encryption on a bucket.
$ aws s3api put-bucket-encryption --bucket bucket-name \ --server-side-encryption-configuration \ '{"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}' |
You can apply this to any existing bucket.