I have installed Nextcloud 18 on my EC2 Ubuntu instance and linked the S3 bucket. Now, what’s the best practice for keeping the data safe with encryption?
- Already enabled SSL to protect the data in transit
- Under AWS, encrypting the entire EC2 instance, and then, under AWS S3 bucket management, enabling AES-256 encryption?
Or enabling the encryption app from Nextcloud? Which is the best way to protect the data?
Protect the data from whom?
You did the best to protect the data in transit (SSL; enable only TLS 1.2 and 1.3).
Amazon likely has more ways than one to get to your data regardless of what you do.
I believe you don’t need any of it if your Nextcloud runs on hardware not under your control…
You have to do this before you set up everything.
When you launch an EC2 instance you should encrypt the EBS volume. The same applies to the S3 bucket.
It’s possible but a bit tricky to encrypt everything afterwards.
If you want to start again you may find the playbook helpful.
Client-side encryption? -> e.g. https://cyberduck.io/cryptomator/
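To check the at-rest settings discussed in the thread (an encrypted EBS volume and default AES-256 encryption on the S3 bucket), the following added example, not part of any post above, audits JSON in the shape printed by `aws ec2 describe-volumes` and `aws s3api get-bucket-encryption`. The sample documents, IDs and function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes` output (IDs are made up).
SAMPLE_VOLUMES = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa1111example", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE",
   "Attachments": [{"InstanceId": "i-0123example", "Device": "/dev/sda1"}]},
  {"VolumeId": "vol-0bbb2222example", "Encrypted": false,
   "Attachments": [{"InstanceId": "i-0123example", "Device": "/dev/sdf"}]}
]}
""")

# Constructed sample in the shape of `aws s3api get-bucket-encryption` output.
SAMPLE_BUCKET = json.loads("""
{"ServerSideEncryptionConfiguration": {"Rules": [
  {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
]}}
""")

# Default-encryption algorithms this check accepts (assumption: SSE-S3 or SSE-KMS).
ACCEPTED_SSE = {"AES256", "aws:kms"}


def unencrypted_volumes(doc):
    """Return (volume id, instance id, device) for each volume without EBS encryption."""
    findings = []
    for vol in doc.get("Volumes", []):
        if vol.get("Encrypted") is True:
            continue
        # A detached volume has no attachments; still report it once.
        for att in vol.get("Attachments") or [{}]:
            findings.append((vol.get("VolumeId"), att.get("InstanceId"), att.get("Device")))
    return findings


def bucket_default_sse(doc):
    """Return the bucket's default SSE algorithm, or None if no accepted rule is set."""
    rules = doc.get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    for rule in rules:
        algo = rule.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
        if algo in ACCEPTED_SSE:
            return algo
    return None


if __name__ == "__main__":
    for vol_id, inst, dev in unencrypted_volumes(SAMPLE_VOLUMES):
        print(f"UNENCRYPTED {vol_id} attached to {inst} as {dev}")
    print("bucket default SSE:", bucket_default_sse(SAMPLE_BUCKET))
```

To audit a real deployment, replace the two sample documents with the saved JSON output of those two commands for the Nextcloud instance and its bucket.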