CloudFormation changes

0

Hello, I have created an EC2 instance with Boot and Data EBS volume having AWS managed KMS key encryption using Cloud Formation Template Deployment.
Now, I have to change the EBS volume encryption to CMK KMS key. Will my EC2 instance get destroy and recreate again on next cloud formation deployment after making encryption key changes manually to EBS. How can I avoid destroying my EC2 instance.

gefragt vor 2 Jahren283 Aufrufe
1 Antwort
0

Hi There

After the instance is running, modifying the KmsKeyId parameter of the EBS volume inside the BlockDeviceMapping property results in instance replacement.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html

You cannot change the encryption key on an EBS volume. You need to take a snapshot and create new volumes with the new key See https://aws.amazon.com/premiumsupport/knowledge-center/ebs-change-encryption-key/

Can you clarify though, have you already changed the EBS encryption outside of CloudFormation?

profile pictureAWS
EXPERTE
Matt-B
beantwortet vor 2 Jahren

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen