CloudFormation changes

0

Hello, I have created an EC2 instance with Boot and Data EBS volume having AWS managed KMS key encryption using Cloud Formation Template Deployment.
Now, I have to change the EBS volume encryption to CMK KMS key. Will my EC2 instance get destroy and recreate again on next cloud formation deployment after making encryption key changes manually to EBS. How can I avoid destroying my EC2 instance.

feita há 2 anos283 visualizações
1 Resposta
0

Hi There

After the instance is running, modifying the KmsKeyId parameter of the EBS volume inside the BlockDeviceMapping property results in instance replacement.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-blockdev-template.html

You cannot change the encryption key on an EBS volume. You need to take a snapshot and create new volumes with the new key See https://aws.amazon.com/premiumsupport/knowledge-center/ebs-change-encryption-key/

Can you clarify though, have you already changed the EBS encryption outside of CloudFormation?

profile pictureAWS
ESPECIALISTA
Matt-B
respondido há 2 anos

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas