
Replacing unencrypted EBS volumes with encrypted ones on the running EC2 instances

0

Hi Team, we have received Shepherd risks for using unencrypted EBS volumes in the EC2 instances. Now to resolve this issue, I am creating a snapshot of the existing EBS volumes and trying to create an encrypted volume from that snapshot. While creating a new volume, it shows a success message that the volume is created but when I click on the volume link, it says volume doesn't exist.

Attaching ss for reference.


asked 2 months ago, 66 views
2 Answers
2

This could be because your KMS Key doesn't have the correct Policy or you do not have IAM permissions to the KMS Key.

https://repost.aws/knowledge-center/ebs-volume-does-not-exist

EXPERT
answered 2 months ago
  • This is likely the correct answer. EC2 will say a CreateVolume operation is successful even when KMS access is missing, but the volume will never appear. CloudTrail in the region will show the KMS operations that are failing with an access denied error.
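
The CloudTrail check described in the comment above, as an added example that is not part of the original thread: it scans a CloudTrail log file for KMS calls that failed with an access-denied error and reports which principal was denied which action on which key. The sample records, account ID, key ARN and user ARN are constructed placeholders.

```python
import json
from collections import Counter

KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"   # placeholder
USER = "arn:aws:iam::111122223333:user/example-user"            # placeholder

# Constructed sample in CloudTrail log-file shape, trimmed to the fields used below.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateVolume", "userIdentity": {"arn": USER}},
    {"eventTime": "2024-01-01T10:00:01Z", "eventSource": "kms.amazonaws.com",
     "eventName": "CreateGrant", "errorCode": "AccessDenied",
     "userIdentity": {"arn": USER}, "requestParameters": None,
     "resources": [{"ARN": KEY, "type": "AWS::KMS::Key"}]},
    {"eventTime": "2024-01-01T10:00:02Z", "eventSource": "kms.amazonaws.com",
     "eventName": "GenerateDataKeyWithoutPlaintext", "errorCode": "AccessDenied",
     "userIdentity": {"arn": USER}, "requestParameters": {"keyId": KEY}},
    {"eventTime": "2024-01-01T10:00:03Z", "eventSource": "kms.amazonaws.com",
     "eventName": "DescribeKey", "userIdentity": {"arn": USER},
     "requestParameters": {"keyId": KEY}},
]})

def kms_access_denials(log_text):
    """Return the KMS events in a CloudTrail log that failed with access denied."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue  # the EC2 CreateVolume event itself carries no error
        if not str(rec.get("errorCode", "")).startswith("AccessDenied"):
            continue
        # Key ARN is usually under resources[]; fall back to requestParameters,
        # which can be null on failed calls.
        arns = [r["ARN"] for r in rec.get("resources") or [] if r.get("ARN")]
        key = arns[0] if arns else (rec.get("requestParameters") or {}).get("keyId", "unknown")
        findings.append({"time": rec.get("eventTime"),
                         "principal": (rec.get("userIdentity") or {}).get("arn", "unknown"),
                         "action": "kms:" + rec.get("eventName", "?"),
                         "key": key})
    return findings

def summarize(findings):
    """Count denials per (principal, action, key) to show what is missing."""
    return Counter((f["principal"], f["action"], f["key"]) for f in findings)

if __name__ == "__main__":
    for (principal, action, key), n in summarize(kms_access_denials(SAMPLE_LOG)).items():
        print(f"{n}x {principal} denied {action} on {key}")
```
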

2

Hi,

Did you copy the snapshot (unencrypted) to an encrypted copy before creating an encrypted volume from the encrypted snapshot?

You can follow this guide: https://medium.com/@kuldeepkumawat195/how-to-encrypt-an-existing-unencrypted-ec2-ebs-volume-280069e1be8f

Please also consider enabling default encryption for EBS volumes in the future; it's a region-specific setting: https://docs.aws.amazon.com/ebs/latest/userguide/encryption-by-default.html

EXPERT
answered 2 months ago