AWS VPC Encryption Controls introduced in AWS GovCloud (US) Regions

AWS has launched VPC Encryption Controls in AWS GovCloud (US) Regions, enhancing the ability to audit and enforce encryption in transit across Amazon VPCs. This feature supports compliance with standards such as HIPAA and PCI DSS.

Amazon Web Services (AWS) has announced the introduction of Virtual Private Cloud (VPC) Encryption Controls in AWS GovCloud (US) Regions. This new feature is designed to simplify the auditing and enforcement of encryption for data in transit both within and across Amazon VPCs, thereby aiding compliance with established encryption standards. Users can activate this feature on their existing VPCs to monitor the encryption status of traffic flows and identify any VPC resources inadvertently allowing unencrypted traffic.

The VPC Encryption Controls facilitate the enforcement of encryption across different network paths by automatically and transparently enabling hardware-based AES-256 encryption on traffic between multiple VPC resources. This includes services such as AWS Fargate, Network Load Balancers, and Application Load Balancers. The feature is particularly beneficial for government customers who must adhere to stringent compliance standards like HIPAA, PCI DSS, FedRAMP, and FIPS 140-2, as it supports both application layer encryption and hardware-based encryption provided by AWS.

AWS ensures that all network traffic between its data centers, whether within or across Availability Zones and AWS Regions, is encrypted before leaving its secure facilities. Additionally, any inter-region traffic utilizing VPC Peering, Transit Gateway Peering, or AWS Cloud WAN benefits from an extra layer of transparent encryption prior to exiting AWS data centers. Previously, customers were required to manually track and confirm encryption across all network paths. However, with the release of VPC Encryption Controls, customers can now easily monitor, enforce, and demonstrate encryption within and across VPCs with just a few clicks. This feature allows information security teams to centrally activate encryption controls to maintain a secure and compliant environment, while also generating audit logs for compliance and reporting purposes.

VPC Encryption Controls are now available in the AWS GovCloud (US-East) and AWS GovCloud (US-West) Regions. For more information on this feature and its applications, users are encouraged to consult the AWS documentation.