Security – BitLocker drive encryption on AWS Windows instance

Tags: amazon-web-services, encryption, security, windows-server-2012

I'm trying to figure out how best to protect the data of a single Windows Server 2012 instance on AWS and according to "AWS_Securing_Data_at_Rest_with_Encryption.pdf" it says:

"Encrypting Amazon EBS volumes attached to Windows instances can be
done using BitLocker or Encrypted File System (EFS) as well as open
source applications like TrueCrypt. In either case, you still need to
provide keys to these encryption methods and you can only encrypt data
volumes."

"Both Trend Micro SecureCloud and SafeNet ProtectV are two such
partner products that encrypt Amazon EBS volumes and include a KMI.
Both products are able to encrypt boot volumes in addition to data
volumes."

So without the above-mentioned SaaS encryption products, is there no free way to protect the boot volume?

Best Answer

This is an old question, but another way to protect your data at rest would be to create a second volume on your EC2 instance and encrypt that volume with BitLocker.
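
The approach in the answer above, as an added PowerShell example that is not part of the original answer. It assumes the new, empty EBS volume is already attached and is the only uninitialized disk, that drive letter `E:` is free (both are assumptions, not from the page), and that it runs in an elevated session on the instance.

```powershell
# Added example. Assumptions: exactly one blank (RAW) disk is attached,
# and E: is an unused drive letter. Run from an elevated PowerShell session.
$ErrorActionPreference = 'Stop'
$letter = 'E'                      # hypothetical drive letter
$mount  = "${letter}:"

# BitLocker is an optional feature on Windows Server and needs a reboot once installed.
if (-not (Get-WindowsFeature -Name BitLocker).Installed) {
    Install-WindowsFeature -Name BitLocker -IncludeAllSubFeature -IncludeManagementTools | Out-Null
    Write-Warning 'BitLocker feature installed. Reboot the instance, then run this script again.'
    return
}

# Refuse to guess which disk to wipe if zero or several blank disks are present.
$raw = @(Get-Disk | Where-Object PartitionStyle -eq 'RAW')
if ($raw.Count -ne 1) { throw "Expected exactly one RAW disk, found $($raw.Count)." }

# Initialize the disk, create one partition spanning it, and format it NTFS.
Initialize-Disk -Number $raw[0].Number -PartitionStyle GPT
New-Partition -DiskNumber $raw[0].Number -UseMaximumSize -DriveLetter $letter |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'EncryptedData' -Confirm:$false |
    Out-Null

# Encrypt with a password protector; the password is read as a SecureString
# and is never written into the script.
$pw = Read-Host -AsSecureString -Prompt "BitLocker password for $mount"
Enable-BitLocker -MountPoint $mount -EncryptionMethod Aes256 `
    -PasswordProtector -Password $pw | Out-Null

# Add a recovery password as a second protector. Record it somewhere off the
# instance: anything stored on the unencrypted boot volume is not protected.
$vol = Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector
$vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword

# Confirm the result: encryption progress, protection state, lock state.
Get-BitLockerVolume -MountPoint $mount |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus, LockStatus
```

Because automatic unlock of a fixed data drive requires a BitLocker-protected operating system volume, the data volume comes up locked after every reboot of the instance. Unlock it with `Unlock-BitLocker -MountPoint E: -Password $pw`, supplying the password from outside the instance.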
