Menu

Steps To Encrypt Amazon EBS Volume (Data-at-Rest)

encrypt-ebs-logo

This article will show how to Encrypt Amazon EBS volume.

Now if you want to encrypt a new volume its straight forward but when it comes to encrypting an existing EBS volume it becomes tedious task.

Usecase scenario for the same : A company has come up with new security and compliance requirements where they want to protect their data-at-rest. They have selected an option to encrypt all the data in their existing EBS volumes.

It is very simple, actually AWS has made it simple with just 5 steps you can encrypt EBS volume (existing).

Step 1 : Change the Instance State

aws-ebs-encryption
First, Stop the Instance.

Go to Volume option on left once instance is turned off.

Step 2 : Create A Snapshot

aws-create-snapshot
Create a snapshot of EBS volume
aws-snapshot-details
Proceed with appropriate details for the snapshot and hit create.

Step 3 : Copy Snapshot to change it to an Encrypted Snapshot

aws-copy-snapshot
Once snapshot is created, go ahead and copy the snapshot

 

aws-create-encrypted-snapshot
Here is the main task : Check Encryption option while creating copy. Select the encryption key(Master Key) as per your preference. For now I’m using the Default encryption key provided by aws




Step 4 : Create EBS volume from the Snapshot

Once Encrypted copy of snapshot is created successfully. Create a EBS Volume from it. This volume will be encrypted and ready to be attached with instance.

aws-create-encrypted-volume
Create a volume from the encrypted snapshot.
aws-create-encrypted-volume1
You can change properties like size, type or AZ for the volume here.

Note : Please create volume in the same availability zone as your instance.

Step 5 : Attach it to EC2 instance

aws-attach-encrypted-volume
When Volume is ready, attach it to the instance. REMEMBER First remove the old un-encrypted volume then do the following task.

 

You have now create and attached an Encrypted Amazon EBS Volume without any hassle. Your data will be the same plus added encryption acts a layer of security which will protect your data-at-rest.

Few things to keep in mind : You won’t be able to launch the same encrypted snapshot or an Amazon AMI in any other account. Once encrypted you cannot change it, the encryption key will be managed by AWS so you don’t have to worry about losing it.

 

That’s it, Thank you for reading!

Please leave your queries on comments section below. I’ll try my best to answer it asap.

– Bhargav

 

 

Blogger & Assc Cloud Architect

Post Navigation

Review: See Me

West Indies : The World T20 Champions!

Related Posts:

aws vpc peering

Understanding AWS VPC Peering

steps to create vpc peering

Create AWS VPC peering connection in 6 simple steps

Article on AWS WorkSpaces

Site Footer

Bhargav Amin © 2019-20

Sliding Sidebar

Categories

Guest Post (14) Health & Fitness (2) How-to-do's (47) Sports (8) Tech Articles (23)

Topics

amazon certificate manager amazon linux apache web server aws bitcoin bookreview cassandra cloudformation cloudfront cloudwatch cricket database DevOps ebs ec2 ELB ethereum fitness football general Git IAM java Jenkins keylogger linux linux partitions lvm migration mysql networking route53 s3 security smartphone ssh tech timetracker travelblog vpc vpc-peering vpn windows wordpress workspaces

Social Profiles

Ads

Categories

Recent Posts

Featured Post

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 66 other subscribers

Blog Stats

  • 308,822 hits

My Social Profiles

Legal

Privacy Policy Cookie Policy
Terms and Conditions