by Bedon292 1275 days ago
The primary reason I see for encryption is because all of the disks are shared. Encrypting at rest is to make sure that the next user of the disk is not able to find any of your data. Even if the odds are low, you still don't want any private information leaking by accident. And you have to be able to guarantee it for things like HIPAA or PCI compliance.
1 comments

Are you saying that EBS exposes previous tenant disk contents when you provision a new disk? I've never heard of that happening. It would be incredibly insecure if true.
It shouldn’t. But do you want to be the example ‘oops’?

If FDE is easy to do, it’s usually worth it to reduce the risk to zero.