Data at Rest

aws/security aws/concept

💡 Definition

Data at Rest refers to data that is physically stored on persistent storage media, such as hard drives, solid-state drives, or backup tapes. Protecting data at rest usually involves encryption.

🔑 Key Concepts

⚙️ How it Works

When you enable encryption at rest for a service (e.g., an EBS volume), AWS uses a key (often from KMS) to encrypt the data blocks as they are written to the physical disk. When you read the data, AWS decrypts it using the same key before sending it back to you.
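As an added example (not part of the original note), the following audit checks which EBS volumes are actually encrypted at rest and which KMS key protects each one. It assumes input shaped like the output of `aws ec2 describe-volumes`; the volume IDs, account number and key ARN below are constructed sample values.

```python
import json

# Constructed sample shaped like `aws ec2 describe-volumes` output
# (volume IDs, account number and key ARN are made up for illustration).
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa1111example01", "Encrypted": true, "Size": 100, "State": "in-use",
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1"},
  {"VolumeId": "vol-0bbb2222example02", "Encrypted": false, "Size": 8, "State": "in-use"},
  {"VolumeId": "vol-0ccc3333example03", "Encrypted": true, "Size": 500, "State": "available",
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-1"},
  {"VolumeId": "vol-0ddd4444example04", "Size": 20, "State": "available"}
]}
""")


def audit_volumes(response):
    """Split volumes into unencrypted ones and encrypted ones grouped by KMS key."""
    unencrypted = []
    by_key = {}
    for vol in response.get("Volumes", []):
        # A missing Encrypted field is treated as unencrypted (fail closed).
        if vol.get("Encrypted") is True:
            key = vol.get("KmsKeyId", "<no KmsKeyId reported>")
            by_key.setdefault(key, []).append(vol["VolumeId"])
        else:
            unencrypted.append(vol["VolumeId"])
    return {"unencrypted": sorted(unencrypted), "encrypted_by_key": by_key}


def unencrypted_gib(response):
    """Total size in GiB of the volumes that are not encrypted at rest."""
    return sum(v.get("Size", 0) for v in response.get("Volumes", [])
               if v.get("Encrypted") is not True)


if __name__ == "__main__":
    report = audit_volumes(SAMPLE)
    for vol_id in report["unencrypted"]:
        print(f"NOT ENCRYPTED AT REST: {vol_id}")
    for key, vols in report["encrypted_by_key"].items():
        print(f"{key}: {len(vols)} volume(s)")
    print(f"Unencrypted capacity: {unencrypted_gib(SAMPLE)} GiB")
```

Detached volumes (state `available`) are included on purpose: the data on them is still at rest even though no instance is reading it.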

🎯 Use Cases

💰 Pricing Model

📝 Exam Tips (CLF-C02)


See Also:

* KMS
* Data in Transit