by nulagrithom 3323 days ago
If someone is yanking and reading disks at AWS then the game was over a long time ago. Physical access always wins.

IMO, if you're on AWS (or similar) then at-rest encryption is a wholly unnecessary expense, unless you need to tick some kind of regulatory checkbox. I can see it for smaller on-premises racks to prevent a "smash and grab" problem, but in a secure datacenter? Nah...

2 comments

Disk encryption also prevents disposal issues from affecting you, which is a separate problem from physical access.
Amazon has employees as well, yes? Employees with access to data centers? Employees that may be convinced to make some "mistakes" in the disposal of old disks combined with the early replacement of a few specific drives?

Of course this is very hypothetical, and it requires the attacker to know what disk in what rack to target. I'm not saying it's the most likely scenario; I'm saying it can be avoided by flipping a switch and paying a few extra dollars, so I'll keep it enabled.