EC2 Disk Encryption long after creation

0

We have a handful of VMs running older CentOS distros, and when they were created several years back the disks were not encrypted. We want to know if they can be encrypted after and, if yes, what are the recommended steps to complete this?

Brandon
Asked 4 months ago · 351 views
2 Answers
0

Hello.

Existing unencrypted EBS cannot be directly encrypted.
Therefore, as described in the document below, you need to encrypt the snapshot when creating it from EBS and start a new EC2 from that snapshot.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters

You cannot directly encrypt existing unencrypted volumes or snapshots. However, you can create encrypted volumes or snapshots from unencrypted volumes or snapshots. If you enable encryption by default, Amazon EBS automatically encrypts new volumes and snapshots using your default KMS key for EBS encryption. Otherwise, you can enable encryption when you create an individual volume or snapshot, using either the default KMS key for Amazon EBS encryption or a symmetric customer managed encryption key. For more information, see Create an Amazon EBS volume and Copy an Amazon EBS snapshot.

To encrypt the snapshot copy to a customer managed key, you must both enable encryption and specify the KMS key, as shown in Copy an unencrypted snapshot (encryption by default not enabled).

Expert
Answered 4 months ago
0

You can't encrypt an unencrypted volume in-place.

The best you are going to be able to do is take a snapshot of the volume (which will also be unencrypted), copy this to an encrypted snapshot, and create a new EBS snapshot from this volume.

Then stop the instance, detach the unencrypted volume, and attach the encrypted volume.

If it's the root disk that you need to work on, the procedure is similar, except you create an AMI from the snapshot and from this provision a new instance with an encrypted root volume.

Expert
Steve_M
Answered 4 months ago
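
The snapshot, encrypted copy, and volume swap described in the answers above, written out with the AWS CLI for a non-root data volume. This is an added example, not part of either answer or of the AWS documentation; the function names and arguments are hypothetical. It stops the instance before taking the snapshot so that no writes are lost, and it creates the replacement volume from the encrypted snapshot.

```shell
#!/bin/sh
# Added example. Assumes AWS CLI credentials, a volume attached to one
# instance, and that the CLI's default region is the same as <region>.
set -eu

# Print "<az> <instance-id> <device> <encrypted>" for one volume.
volume_info() {
  aws ec2 describe-volumes --volume-ids "$1" --output text --query \
    'Volumes[0].[AvailabilityZone,Attachments[0].InstanceId,Attachments[0].Device,Encrypted]'
}

# encrypt_and_swap <volume-id> <region> <kms-key-id>; prints the new volume id.
encrypt_and_swap() {
  vol=$1 region=$2 kms_key=$3
  read -r az instance device encrypted <<EOF
$(volume_info "$vol")
EOF
  if [ "$encrypted" = "True" ]; then
    echo "$vol is already encrypted" >&2; return 1
  fi
  case "$instance" in
    i-*) ;;
    *) echo "$vol is not attached to an instance" >&2; return 1 ;;
  esac
  # Stop first so nothing is written to the old volume after the snapshot.
  aws ec2 stop-instances --instance-ids "$instance" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$instance"
  snap=$(aws ec2 create-snapshot --volume-id "$vol" \
    --description "pre-encryption copy of $vol" --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"
  # The copy is where encryption is applied; the source snapshot stays unencrypted.
  enc_snap=$(aws ec2 copy-snapshot --source-region "$region" \
    --source-snapshot-id "$snap" --encrypted --kms-key-id "$kms_key" \
    --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$enc_snap"
  new_vol=$(aws ec2 create-volume --snapshot-id "$enc_snap" \
    --availability-zone "$az" --query VolumeId --output text)
  aws ec2 wait volume-available --volume-ids "$new_vol"
  aws ec2 detach-volume --volume-id "$vol" >/dev/null
  aws ec2 wait volume-available --volume-ids "$vol"
  aws ec2 attach-volume --volume-id "$new_vol" --instance-id "$instance" \
    --device "$device" >/dev/null
  aws ec2 start-instances --instance-ids "$instance" >/dev/null
  echo "$new_vol"
}

# Usage: sh swap.sh <volume-id> <region> <kms-key-id>
if [ "$#" -eq 3 ]; then encrypt_and_swap "$@"; fi
```

The waiters give up after a fixed number of polls, so a large volume may need the wait re-run. The original volume and the unencrypted snapshot are left in place; delete them only after the data on the new volume has been verified.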
