En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

CloudFormation changes

0

Hello, I have created an EC2 instance with Boot and Data EBS volume having AWS managed KMS key encryption using Cloud Formation Template Deployment.
Now, I have to change the EBS volume encryption to CMK KMS key. Will my EC2 instance get destroy and recreate again on next cloud formation deployment after making encryption key changes manually to EBS. How can I avoid destroying my EC2 instance.

Sujets
Gestion et gouvernance
Balises
AWS CloudFormationChiffrement
Langue
English
Himanshu
demandé il y a 2 ans221 vues
1 réponse
0

Hi There

After the instance is running, modifying the KmsKeyId parameter of the EBS volume inside the BlockDeviceMapping property results in instance replacement.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html

You cannot change the encryption key on an EBS volume. You need to take a snapshot and create new volumes with the new key See https://aws.amazon.com/premiumsupport/knowledge-center/ebs-change-encryption-key/

Can you clarify though, have you already changed the EBS encryption outside of CloudFormation?

profile pictureAWS
EXPERT
Matt-B
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents