>
    Strata Copilot
    Encrypt EBS Volume for the VM-Series Firewall on AWS
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series
    3. VM-Series Firewall on AWS
    4. Deploy the VM-Series Firewall on AWS
    5. Encrypt EBS Volume for the VM-Series Firewall on AWS
    Download PDF
    VM-Series

    Encrypt EBS Volume for the VM-Series Firewall on AWS

    Table of Contents

    Encrypt EBS Volume for the VM-Series Firewall on AWS

    Use the AWS KMS to encrypt data stored on the EBS volume of the VM-Series firewall on AWS.
    Where Can I Use This?What Do I Need?
    • AWS
    • AWS account
    • Amazon Machine Image (AMI) ID
    • VM-Series License (PAYG or BYOL)
    • VM-Series plugin
    • Panorama
    • Panorama plugin for AWS
    EBS encryption is available for all AWS EC2 instance types on which you can deploy the VM-Series firewall. To securely store data on the VM-Series firewall on AWS, you must first create an EBS-backed EC2 instance from a VM-Series image that is published on the AWS public or GovCloud Marketplace, or from a custom AMI. During instance creation, select the option to encrypt the EBS volume with an AWS KMS (Key Management Service) key. You may choose to use the default master key for your AWS account or any KMS key that you have previously created using the AWS Key Management Service.
    1. Create an encryption key on AWS or skip this step if you want to use the default master key for your account.
      You will use this key to encrypt the EBS volume on the firewall. Note that the key is region specific.
    2. To encrypt an EBS volume:
      1. Launch an Amazon EC2 instance.
      2. Specify your EBS volumes- If you are using an unencrypted AMI, the encryption properties will be listed as Not Encrypted.
      3. Select an AWS KMS key for encrypting the volume. You may select the same KMS key for each volume that you want to create, or you may use a different KMS key for each volume.
      4. Select Review and launch the instance. Your instance will launch with an encrypted Amazon EBS volume that uses the KMS key you selected.
    For information on encrypting existing EBS volumes, see Encrypting an existing EBS volume.

    © 2026 Palo Alto Networks, Inc. All rights reserved.