EBS Encryption Key Preparation
If you are using EBS encryption for native volumes, ensure that the encryption key is setup, and that the encryption key alias is available to be used. If this is not specified during operations, the default key is used. When working in cache mode, all cached data is stored in encrypted disks. During detach, you can choose if you want to use encrypted disks or not, and can specify the key to be used.
The KMS:ListAliases permission is added to the Velostrata service user in AWS (included in Velostrata cloud formation script). Additionally, if you want to use a specific KMS key for encryption, you will need to add the AWS Velostrata service user to the list of users who can assign the specific encryption KMS key. You can do this in AWS portal, under IAM > Encryption Keys>[your chosen key for use] > Key users.
The EBS encryption option appears during the following operations: