Posted On: Jun 10, 2024

Amazon Elastic Container Service (Amazon ECS) and Amazon Fargate now allow you to use customer-managed keys in Amazon Key Management Service (KMS) to encrypt data stored in Fargate task ephemeral storage. Ephemeral storage for tasks running on Fargate platform version 1.4.0 or higher is encrypted with Amazon Web Services owned keys by default. This feature allows you to add a self-managed security layer that can help you meet compliance requirements.

Customers who run applications that deal with sensitive data often need to encrypt data using self-managed keys to meet security or regulatory requirements and to provide encryption visibility to auditors. To meet these requirements, you can now configure a customer-managed KMS key for your ECS cluster to encrypt the ephemeral storage for all Fargate tasks in the cluster. You can manage this key and audit access like any other KMS key. Customers can use this feature to configure encryption for new and existing ECS applications without changes from developers.

This feature is available for Amazon ECS tasks running on Amazon Fargate platform version 1.4.0 or higher in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To learn more, please visit our documentation.