Instaclustr enables Default Encryption for new AWS EBS Volumes

February 11, 2025 | By Jordan Braiuka

NetApp advises that in the coming weeks we will begin encrypting all AWS EBS volumes on the NetApp Instaclustr Managed Platform with either a customer supplied KMS key, or the default AWS EBS KMS key.  

Previously NetApp Instaclustr would only encrypt EBS volumes when supplied with a customer managed KMS key. However, with this update NetApp Instaclustr will also begin encrypting all EBS volumes with the default AWS EBS KMS key (known as aws/ebs) in each AWS account and region, when not provided with a customer managed KMS Key.  

For customers who use customer managed KMS keys, or use instance storage nodes, there is no change, and no action required from you.  

For customers who use EBS backed instances, and do not use customer managed KMS keys, NetApp Instaclustr will begin provisioning new EBS volumes encrypted with this default AWS EBS KMS key. This will apply for new cluster provisioning, and for some maintenance activities on existing clusters. There is no action required from customers, however if you do wish to expedite this upgrade process for your existing infrastructure, please reach out to our support team.  

For our Run In Your Own Account (RIYOA) customers, this change will attract an extremely minor extra cost from the cloud provider, expected to be less than a $0.001 per node per month. For our Run In Instaclustr’s Account (RIIA) customers there is no change to pricing.  

There is no change to S3 encryption as part of this change – when supplied with a customer managed KMS Key NetApp Instaclustr will encrypt the data using that key, or AWS will encrypt all data stored in an S3 bucket by default.  

If you would like more information, see NetApp Instaclustr’s Security features.  

If you have any questions about Instaclustr’s encryption options, do not hesitate to reach out to our support team.