Sep 19, 2018

Encrypting Root EBS Volumes for AWS Deployments

In order to encrypt your root volume, you will have to follow one of the following methods:

Method 1:

Step 1: Create an Ami from an existing instance:

Step 2: Once the Ami has been created , create a copy of the AMI with encryption enabled for target EBS snapshot:

Step 3: Create an instance with the newly created Ami with encryption:
You will see the root volume showing as encrypted.

Method 2:

Step 1: stop instance (select instance > actions > instance state> stop

Step 2: Create a snapshot of your existing root volume:
or go to the volume page > choose the root volume>actions > create snapshot

Step 3: Once the snapshot has been created copy the snapshot (snapshot> actions> copy) and enable encryption in the process (check encrypt this snapshot)

Step 4: Once new copy of snapshot of root volume has been created with encryption create a new volume from the new snapshot (which will in turn be encrypted)

Step 5: Detach old Root volume

Step 6: Attach new encrypted root volume created from the encrypted snapshot copy

Step 7: start the instance back