I created an Amazon EFS file system without encryption and now I want to turn on encryption of data at rest.
Short description
After you create an Amazon EFS file system, you can't change its encryption setting. This means that you can't modify an unencrypted file system to make it encrypted. Instead, you must:
- Create a new Amazon EFS file system with encryption turned on.
- Copy the data from the existing file system into the new file system.
Resolution
1. Create a new Amazon EFS file system with encryption turned on. To copy the data from your existing EFS file system to the new EFS file system, use the EFS replication feature. The EFS replication process replicates the data and metadata on the source file system to the new destination EFS file system.
After creating an EFS replication configuration, Amazon EFS performs the initial sync that copies all data and metadata on the source to the destination file system. The amount of time that the initial sync takes to finish depends on the size of the source file system. After the initial sync completes, the replication process continues to keep the destination file system in sync with the source.
2. Fail over to the destination file system.
Note: Encryption at rest isn't turned on by default when creating a new file system using the AWS CLI, API, or SDKs. For more information, see Creating a file system using the AWS CLI.
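The following script walks through the two steps above with the AWS CLI. It is an added example and not part of this article or of any AWS-provided tooling. It assumes AWS CLI v2 with credentials for the account that owns the source file system, that the source file system ID, KMS key, and Region are supplied through the SRC_FS, KMS_KEY, and AWS_REGION variables (the values shown are placeholders), and that the destination file system is created in the same Region as the source. Because the CLI does not encrypt by default (see the note above), the create call passes --encrypted explicitly, and the script verifies the Encrypted attribute of the destination before reporting success.

```shell
#!/usr/bin/env bash
# Added example (not from the AWS Knowledge Center article or AWS tooling):
# migrate an unencrypted EFS file system to an encrypted one using EFS replication.
# Assumes AWS CLI v2 configured for the account that owns the source file system.
set -eu

SRC_FS="${SRC_FS:-fs-SOURCE-PLACEHOLDER}"         # placeholder: existing unencrypted file system
KMS_KEY="${KMS_KEY:-alias/aws/elasticfilesystem}"  # AWS managed EFS key; set a CMK alias if your policy requires one
REGION="${AWS_REGION:-us-east-1}"                  # placeholder Region

# Pure helpers (no AWS calls) so the decision logic can be checked offline.
# "True"/"False" is what --query 'FileSystems[0].Encrypted' --output text prints.
is_encrypted_value() { [ "$1" = "True" ]; }
# Destination status values reported by describe-replication-configurations:
# ENABLING while the initial sync runs, ENABLED once the destination is in sync.
replication_ready() { [ "$1" = "ENABLED" ]; }

# Step 1a: create the destination file system with encryption at rest turned on.
# The CLI does NOT encrypt by default, so --encrypted must be passed explicitly.
create_encrypted_fs() {
  aws efs create-file-system --region "$REGION" --encrypted --kms-key-id "$KMS_KEY" \
      --tags Key=Name,Value=encrypted-copy \
      --query 'FileSystemId' --output text
}

# Step 1b: an existing file system can only be a replication destination after its
# replication overwrite protection is disabled.
allow_as_destination() {
  aws efs update-file-system-protection --region "$REGION" --file-system-id "$1" \
      --replication-overwrite-protection DISABLED >/dev/null
}

# Step 1c: start replication; the initial sync copies all data and metadata.
start_replication() {
  aws efs create-replication-configuration --region "$REGION" \
      --source-file-system-id "$SRC_FS" \
      --destinations "Region=$REGION,FileSystemId=$1" >/dev/null
}

replication_status() {
  aws efs describe-replication-configurations --region "$REGION" --file-system-id "$SRC_FS" \
      --query 'Replications[0].Destinations[0].Status' --output text
}

# Step 2: fail over. Deleting the replication configuration stops the sync and makes
# the destination writable; repoint mount targets/clients at the new file system afterwards.
fail_over() {
  aws efs delete-replication-configuration --region "$REGION" --source-file-system-id "$SRC_FS"
}

# Defence-in-depth check: confirm the destination really is encrypted at rest.
verify_encrypted() {
  enc=$(aws efs describe-file-systems --region "$REGION" --file-system-id "$1" \
        --query 'FileSystems[0].Encrypted' --output text)
  is_encrypted_value "$enc"
}

# Whole procedure, guarded so the file can be sourced for its helpers without touching
# AWS. Run with EFS_MIGRATE_RUN=1 after writers on SRC_FS have been quiesced.
if [ "${EFS_MIGRATE_RUN:-0}" = "1" ]; then
  DST_FS=$(create_encrypted_fs)
  echo "destination file system: $DST_FS"
  allow_as_destination "$DST_FS"
  start_replication "$DST_FS"
  until replication_ready "$(replication_status)"; do
    echo "initial sync in progress ($(replication_status)); waiting..."
    sleep 60
  done
  fail_over
  verify_encrypted "$DST_FS" && echo "$DST_FS is encrypted at rest; cut clients over to it"
fi
```

Keep the source file system until you have confirmed the destination passes verify_encrypted and clients are mounting it; only then delete the unencrypted original so no plaintext copy of the data remains.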
Related information
Encrypting data at rest
Data encryption in Amazon EFS
Amazon EFS replication