This section explains the steps to configure EBS Encryption Using NSX Advanced Load Balancer CLI.

To enable the encryption using CLI, enter the Controller bash and enter the following options under the cloud configuration mode:

  • Entering the mode keyword enables the SSE KMS mode of AWS encryption mode.

  • Entering the key keyword allows you to enter the AWS KMS ARN ID of the master key for encryption.

configure cloud aws_cloud
        s3_encryption [mode | key]
        ebs_encryption [mode | key]
  • It is recommended to provide the key in the format of arn:aws:kms:AWS-Region:AWS-Account-ID:key/CMK-key-ID. Providing just the Key ID is not enough.

  • If you are using encryption be default in the AWS account, use the same Key ID during deployment of the Controller.

  • Starting with NSX Advanced load balancer 22.1.3, GP3 is the default EBS volume type. Prior to this, GP2 was the default type.