Amazon FSx File Gateway is no longer available to new customers. Existing
customers of FSx File Gateway can continue to use the service normally. For capabilities
similar to FSx File Gateway, visit this blog post
Data encryption using Amazon KMS
Amazon FSx File Gateway supports SMB encryption up to the latest SMB v3.1.1 specification, including AES 128 CCM and AES 128 GCM. Compatible clients will connect using encryption automatically. Additionally, FSx File Gateway uses SMB encryption when it communicates with FSx for Windows File Server in Amazon. You must configure an Amazon Direct Connect link to Amazon, and set appropriate policies to allow SMB traffic and management traffic to pass through to Amazon.
Encrypting a file system
For information see, Data Encryption in Amazon FSx in the Amazon FSx for Windows File Server User Guide.
When using Amazon KMS to encrypt your data, keep the following in mind:
-
Your data is encrypted at rest in the cloud. That is, the data is encrypted in Amazon FSx.
-
IAM users must have the required permissions to call the Amazon KMS API operations. For more information, see Using IAM policies with Amazon KMS in the Amazon Key Management Service Developer Guide.
Important
When you use an Amazon KMS key for server-side encryption, you must choose a symmetric key. Storage Gateway does not support asymmetric keys. For more information, see Using symmetric and asymmetric keys in the Amazon Key Management Service Developer Guide.
For more information about Amazon KMS, see What is Amazon Key Management Service?