Read on:

AWS for Beginners: Understanding AWS Terminologies: Part 1
AWS for Beginners: What is AWS EC2: Part 2
AWS for Beginners: AWS Compute Services: Part 3
Read More

Amazon Elastic Block Store (EBS) is a block-level storage service for Amazon Elastic Compute Cloud (EC2) instances. EBS volumes are network-attached storage that can be provisioned and used independently from the life of an EC2 instance. EBS volumes can be encrypted for added security and can be used in a variety of different workloads, including big data, data warehousing, and business-critical applications.

Protect Your Data with BDRSuite

Cost-Effective Backup Solution for VMs, Servers, Endpoints, Cloud VMs & SaaS applications. Supports On-Premise, Remote, Hybrid and Cloud Backup, including Disaster Recovery, Ransomware Defense & more!

To encrypt an unencrypted EBS volume in AWS, you can use the AWS Management Console, AWS Command Line Interface (CLI), or the AWS SDKs. Here are the steps to encrypt an unencrypted EBS volume using the AWS Management Console.

Workflow:

Encrypt an Unencrypted AWS EBS Root Volume

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/

Download Banner

Encrypt an Unencrypted AWS EBS Root Volume

2. Select the EC2 instance and navigate to the section “Storage”. Click the volume lD to take the page to the “Volume” section. You can also directly navigate from the navigation menu on the left side.

Encrypt an Unencrypted AWS EBS Root Volume

3. Select the unencrypted volume that you want to encrypt. From “Actions”, Click “Create Snapshot”.

Encrypt an Unencrypted AWS EBS Root Volume

4. Choose “Actions”, then choose “Encrypt volume”.

Encrypt an Unencrypted AWS EBS Root Volume

5. Here is the snapshot details. You can navigate to the snapshot in the left side plane.

Encrypt an Unencrypted AWS EBS Root Volume

6. Let’s create a new volume from the snapshot.

Encrypt an Unencrypted AWS EBS Root Volume

7. In this window, ensure that you have selected the “Encrypt this volume” option. You must select the “Availability zone” same as the instance location. For encryption, You need to select the KMS key.

Encrypt an Unencrypted AWS EBS Root Volume

8. Here is the new encrypted volume created from the snapshot.

Encrypt an Unencrypted AWS EBS Root Volume

9. Stop the running instance.

Encrypt an Unencrypted AWS EBS Root Volume

10. Select the unencrypted volume. From actions menu, click “Detach Volume”.

Encrypt an Unencrypted AWS EBS Root Volume

11. Click on the encrypted volume and click on “Attach volume”.

Encrypt an Unencrypted AWS EBS Root Volume

12. Select the instance in which we need to attach the volume.

Encrypt an Unencrypted AWS EBS Root Volume

13. Navigate back to the instances. Now we can see that instance volume is encrypted.

Encrypt an Unencrypted AWS EBS Root Volume

14. Let’s start the instance and validate the migration. If the public IP is enabled, You can directly connect from AWS console.

Encrypt an Unencrypted AWS EBS Root Volume

Encrypt an Unencrypted AWS EBS Root Volume

Conclusion:

We have successfully converted the unencrypted AWS EC2 instance root disk to encrypted one. This can be achieved using the AWS CLI and can be scripted as well if you need to do the bulk migration. But it’s always recommended to plan in advance and launch instances with encryption rather than doing migration at later stage. Because this requires man-hours and need the outage window for detaching the old disk and booting from the new encrypted disk. Hope this article is informative to you.

AWS for Beginners: How to Protect AWS Security Tools: Part 4
AWS for Beginners: What is IAM (Identity and Access Management) and Best Practices: Part 5
AWS for Beginners: Provisioning IAM Users and Programmatic Access in AWS: Part 6
AWS for Beginners: Securing Root account using MFA: Part 7
AWS for Beginners: Amazon S3 Overview, Security and Best Practices : Part 8
AWS for Beginners: Creating and managing IAM groups: Part 9
AWS for Beginners: AWS Managed Policies and In-line Policies: Part 10
AWS for Beginners: Create and Attach a policy to an IAM User: Part 11
AWS for Beginners: How to Create a Customer Managed Policy: Part 12
AWS for Beginners: What are EC2 Placement groups: Part 13
AWS for Beginners: ALB vs NLB vs GLB – Which AWS Load Balancer Should You Choose: Part 14
AWS for Beginners: What is AWS Elastic IP Address: Part 15
AWS for Beginners: How to add secondary IP to EC2 Instance using Elastic Network Interfaces (ENI): Part 16
AWS for Beginners: How to Enable Multi-Attach for Amazon EBS Volumes: Part 17

Follow our Twitter and Facebook feeds for new releases, updates, insightful posts and more.

Rate this post