Article number
Affected Versions
Source Hypervisor
Target Hypervisor

How to enable AWS S3 Encryption for ZVR

Viewed 770 times


  1. The AWS region must support S3 encryption, specifically KMS.
  2. AWS Key Management Service (KMS) is used for the encryption keys.
  3. Using the steps below, S3 encryption is only supported when data is at rest in the S3 bucket the ZCA is using.
  4. Encryption for EBS Volumes requires a separate change. Follow the instructions in the following KB:  "How to Enable AWS EBS Encryption for ZVR 6.5" or "How to Enable AWS EBS Encryption for ZVR 7.0+"
  5. S3 encryption for ZVR is set at the site level, and cannot be set on a per VPG basis.
  6. If a VPG was created before this change was applied then the objects stored in S3 for this VPG is not encrypted. It must be deleted and recreated in order for these S3 objects to be encrypted.
  7. This can only be used on a ZCA running on AWS. It cannot be used on any other site or platform other than AWS.


To apply the tweak, kindly contact Zerto Support.