- 最新
- 最多得票
- 最多評論
Your understanding is right, here is how you'd do it:
- Create snapshot of the root volume that is attached to instance
- Create a copy of snapshot with encrypting enabled
- Create a new Encrypted volume from an encrypted snapshot
- Detach the existing volume and replace it with the Encrypted volume -> Instance needs to be shutdown before this step.
Hope this helps.
Comment here if you have additional questions, happy to help.
Abhishek
Thanks @secondabhi_aws - I did already try that, but the detaching of the existing volume failed (silently), presumably because it's the root volume and the instance was still running. To avoid the need to shut down the instance, I thought I'd try the replace root volume option. But it seems like I will need to shut it down before I can detach the existing root volume, attach the new encrypted one and then restart the instance. But, you don't mention the need to shut it down, so wondering if there is a way to replace it without the shutdown. I understand logistically why this is likely not possible, but the lack of useful error messages in the AWS dashboard is pretty awful in my opinion.
I just checked the Network > Response tab and it has:
Invalid snapshot for root volume for virt i-xxxxxxxxxxxxxxxxx. The snapshot should be of one of the root volumes attached to the instance in the past
So I guess my first comment is why is that error hidden away in the dev console and not displayed in the GUI interface?
And, the snapshot is of the root volume, but it's an encrypted copy of the original snapshot. It's a shame this doesn't seem to work. From what I can tell this means I need to shutdown the instance, detach the volume and attach a new root volume made from this encrypted snapshot - does that sound correct?
Thanks.
相關內容
- 已提問 1 年前
Yes absolutely, instance needs to be shut down while detaching and attaching the root volume as otherwise it would not let you to do the same. I have updated my answer as well and mentioned this explicitly. I presumed it that you'd shutdown while detaching/attaching the volume. :)