Enabling Encryption of Ephemeral Data in QDS Clusters


Qubole has enabled SSE-KMS encryption for the data at rest on EBS volumes. It has enabled block device encryption on the cluster nodes’ ephemeral (local) storage. This includes HDFS and any intermediate output generated by Hadoop. Block device encryption is set up on the local devices before the node joins the cluster; this can increase the time it takes to bring up and upscale the cluster.

For custom KMS keys, you must provide additional permissions to the IAM Role that are mentioned in Sample Policies for EBS Encryption.

Qubole has enabled SSE-KMS encryption on EBS volumes by default.


You cannot view the block device encryption settings in the AWS console. You can verify it by running the lsblk command on cluster instances.