Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

CloudFormation changes

0

Hello, I have created an EC2 instance with Boot and Data EBS volume having AWS managed KMS key encryption using Cloud Formation Template Deployment.
Now, I have to change the EBS volume encryption to CMK KMS key. Will my EC2 instance get destroy and recreate again on next cloud formation deployment after making encryption key changes manually to EBS. How can I avoid destroying my EC2 instance.

Argomenti
Gestione e amministrazione
Tag
AWS CloudFormationCrittografia
Lingua
English
Himanshu
posta 2 anni fa221 visualizzazioni
1 Risposta
0

Hi There

After the instance is running, modifying the KmsKeyId parameter of the EBS volume inside the BlockDeviceMapping property results in instance replacement.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html

You cannot change the encryption key on an EBS volume. You need to take a snapshot and create new volumes with the new key See https://aws.amazon.com/premiumsupport/knowledge-center/ebs-change-encryption-key/

Can you clarify though, have you already changed the EBS encryption outside of CloudFormation?

profile pictureAWS
ESPERTO
Matt-B
con risposta 2 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente