CloudFormation changes

0

Hello, I have created an EC2 instance with Boot and Data EBS volume having AWS managed KMS key encryption using Cloud Formation Template Deployment.
Now, I have to change the EBS volume encryption to a CMK KMS key. Will my EC2 instance get destroyed and recreated again on the next CloudFormation deployment after making encryption key changes manually to EBS? How can I avoid destroying my EC2 instance?

asked 2 years ago, 221 views
1 Answer
0

Hi There

After the instance is running, modifying the KmsKeyId parameter of the EBS volume inside the BlockDeviceMapping property results in instance replacement.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html

You cannot change the encryption key on an EBS volume. You need to take a snapshot and create new volumes with the new key. See https://aws.amazon.com/premiumsupport/knowledge-center/ebs-change-encryption-key/

Can you clarify though, have you already changed the EBS encryption outside of CloudFormation?

AWS
EXPERT
Matt-B
answered 2 years ago
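
A pre-deployment check for the replacement behaviour described in the answer above, as an added example that is not part of the original thread: it compares the deployed and proposed templates (parsed to dicts) and lists every EC2 instance block device whose `KmsKeyId` differs. The function names, the sample templates, the logical ID and the key aliases are assumptions constructed for illustration.

```python
import copy

def ebs_keys(template):
    """Map (logical_id, device_name) -> KmsKeyId for every EC2 instance in a template."""
    keys = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::Instance":
            continue
        for bdm in res.get("Properties", {}).get("BlockDeviceMappings", []):
            ebs = bdm.get("Ebs")
            if ebs is not None:
                # None means no explicit key: EBS uses the account's default KMS key.
                keys[(logical_id, bdm.get("DeviceName"))] = ebs.get("KmsKeyId")
    return keys

def replacement_risks(deployed, proposed):
    """Return (logical_id, device, old_key, new_key) for each device whose KmsKeyId differs."""
    old, new = ebs_keys(deployed), ebs_keys(proposed)
    changed = [
        (lid, dev, old[(lid, dev)], new[(lid, dev)])
        for (lid, dev) in old.keys() & new.keys()
        if old[(lid, dev)] != new[(lid, dev)]
    ]
    # Sort on logical ID and device only; key values may be None or intrinsic dicts.
    return sorted(changed, key=lambda r: (r[0], str(r[1])))

# Constructed sample templates (logical ID, devices and key aliases are made up).
DEPLOYED = {"Resources": {"AppServer": {"Type": "AWS::EC2::Instance", "Properties": {
    "BlockDeviceMappings": [
        {"DeviceName": "/dev/xvda", "Ebs": {"Encrypted": True, "DeleteOnTermination": True}},
        {"DeviceName": "/dev/sdf", "Ebs": {"Encrypted": True, "KmsKeyId": "alias/aws/ebs"}},
    ]}}}}
PROPOSED = copy.deepcopy(DEPLOYED)
_maps = PROPOSED["Resources"]["AppServer"]["Properties"]["BlockDeviceMappings"]
_maps[0]["Ebs"]["DeleteOnTermination"] = False      # not a key change: ignored
_maps[1]["Ebs"]["KmsKeyId"] = "alias/example-cmk"   # key change: flagged

if __name__ == "__main__":
    for lid, dev, old_key, new_key in replacement_risks(DEPLOYED, PROPOSED):
        print(f"{lid} {dev}: KmsKeyId {old_key!r} -> {new_key!r} "
              "(instance replacement expected)")
```

Running it in a pipeline before `deploy` lets a key change fail the build instead of replacing the instance; a change set on the real stack remains the authoritative view of what CloudFormation will do.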
