Trying Out AWS VPC Encryption Control

Source: DEV Community
1. Introduction

While reviewing recent AWS feature updates, I came across an article about "VPC Encryption Control." It was released in November 2025 and is set to become a paid feature starting March 2026. I was curious about how exactly it "enforces" encryption, so I decided to test its behavior myself.

2. What is VPC Encryption Control? (My Understanding)

Initially, I wondered: "Does this mean all traffic within the VPC must be encrypted? Will it detect if I'm using SSH/HTTPS (OK) versus Telnet/HTTP (NG) by inspecting packets?"

As it turns out, that’s not quite how it works. Instead, it monitors or enforces whether resources within the VPC are using Nitro-based EC2 instances or RDS that support transparent encryption at the AWS infrastructure layer.

3. What I Did

- Created a VPC with VPC Encryption Control enabled (Monitor mode).
- Set up VPC Flow Logs with specific fields required to identify whether traffic is encrypted.
- Verified how the following traffic patterns are judged by Encryp