How To Encrypt an Existing Unencrypted EBS Volume For EC2 Instance

Posted By : Sachin Kumar | 21-Dec-2022


If you need to encrypt an existing unencrypted EBS volume, this article walks you through the process.

Steps to follow to encrypt the existing EBS volume:

  • Locate the EC2 instances and EBS volumes.
  • Create a snapshot of the existing unencrypted volume
  • Copy the snapshot (unencrypted) to an encrypted snapshot
  • Create an Elastic Block Store volume from the encrypted snapshot
  • Stop the EC2 instance
  • Detach the existing volume
  • Attach the new volume
  • Restart the EC2 instance
  • Additional considerations

Location of EC2 Instance and EBS Volume

The Elastic Block Store (EBS) volume attached to an EC2 instance can be located from the EC2 dashboard. To see the volume information, select the EC2 instance and click the Storage tab.

In this screenshot, you can see that the apache-server instance has an unencrypted EBS volume. By the end of this article, its Encrypted state will read “Yes”.


Create a Snapshot of The Existing Unencrypted Volume

Go to the EBS dashboard by clicking the volume ID in the Storage section of the EC2 dashboard. Select the Elastic Block Store volume and create a snapshot as shown below.

You can optionally add tags and a description to make the snapshot identifiable. Once created, the snapshot appears in the Snapshots panel.

Copy The Snapshot (Unencrypted) To an Encrypted Snapshot

Encryption is first applied when the unencrypted snapshot is copied to a new snapshot.

Select the action to copy the snapshot. This opens a popup modal with options. Click on the Encryption option. You can use the default key or any other key (after creating it in KMS).

Create an Elastic Block Store volume from the encrypted snapshot

Next, create an encrypted volume. It is created from an encrypted snapshot, so it contains all the data on the original EBS volume.

Encryption is enabled by default. The main option to watch is 'Availability Zone', which must be set exactly the same as for the EC2 instance. For example, if your EC2 instance is in ap-south-1, you should create your volume there as well.

Stop the EC2 instance

Schedule the next steps for when your user base is at its lowest or during scheduled maintenance. To detach the old block storage volume and attach the new one, you need to stop the EC2 instance.

Detach existing volume

Make sure that the EC2 instance is stopped. First, copy the root device name from the EC2 control panel. You will need it in the next steps.

Then navigate to Elastic Block Store > Volumes in the left navigation bar and detach the existing EBS volume. The EC2 instance is now ready to accept the new volume created from the snapshot.

Attach The New Volume

Now attach the newly created volume to the stopped instance.

During this step, the root device name must be the same as for the previous volume, so please use the one copied in the previous step.

Restart the EC2 Instance

All the hard steps are now complete. Restart the EC2 instance: select the stopped instance and click Start Instance from the same Instance State dropdown menu that you used to stop it. Expect a few minutes of processing time before everything is fully functional.

You have now completed replacing your unencrypted EC2 storage volume with a new encrypted (potentially larger) volume. All the hard work is done. But be aware of the additional considerations and test carefully to make sure you don't lose anything.

Additional Considerations

It is important to keep track of processes that may be affected by a system reboot.

For example, restarting an EC2 instance stops Apache servers, which then need to be restarted. Most services come back automatically. If one does not, restart it yourself (your Apache server, in this example), look at the documentation, or talk to your team lead.

If you encounter any issues while creating/attaching the new volume, you can always go back to the previous storage volume and try again when ready.
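
The whole procedure above as AWS CLI calls, as an added example that is not part of the original article. It assumes a configured AWS CLI and that the region is the Availability Zone name minus its trailing letter; the check that the new volume is encrypted before any downtime is an addition, and the old volume and both snapshots are kept so you can go back.

```shell
#!/bin/sh
# Added example (not from the original article): the console steps as AWS CLI calls.
# Usage: sh encrypt-root.sh <instance-id> [kms-key-id]   (omit the key to use the default EBS key)
set -eu
export AWS_DEFAULT_OUTPUT=text            # --query results come back as bare strings

encrypt_root_volume() {
  id=$1 key=${2:-}
  inst() { aws ec2 describe-instances --instance-ids "$id" \
             --query "Reservations[0].Instances[0].$1"; }
  # Locate the root device name, the Availability Zone and the attached volume.
  dev=$(inst RootDeviceName)
  az=$(inst Placement.AvailabilityZone)
  old=$(aws ec2 describe-volumes --query 'Volumes[0].VolumeId' --filters \
        "Name=attachment.instance-id,Values=$id" "Name=attachment.device,Values=$dev")

  # Snapshot the unencrypted volume, then copy the snapshot with encryption enabled.
  snap=$(aws ec2 create-snapshot --volume-id "$old" --query SnapshotId)
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"
  # Assumption: region = AZ name minus its trailing letter (ap-south-1a -> ap-south-1).
  enc=$(aws ec2 copy-snapshot --source-region "${az%?}" --source-snapshot-id "$snap" \
        --encrypted ${key:+--kms-key-id "$key"} --query SnapshotId)
  aws ec2 wait snapshot-completed --snapshot-ids "$enc"

  # Create the new volume in the instance's AZ and confirm it is encrypted
  # before taking any downtime.
  new=$(aws ec2 create-volume --snapshot-id "$enc" --availability-zone "$az" --query VolumeId)
  aws ec2 wait volume-available --volume-ids "$new"
  state=$(aws ec2 describe-volumes --volume-ids "$new" --query 'Volumes[0].Encrypted')
  [ "$state" = "True" ] || { echo "refusing to swap: $new is not encrypted" >&2; return 1; }

  # Stop the instance, swap the root volume under the same device name, start it again.
  aws ec2 stop-instances --instance-ids "$id" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$id"
  aws ec2 detach-volume --volume-id "$old" >/dev/null
  aws ec2 wait volume-available --volume-ids "$old"
  aws ec2 attach-volume --volume-id "$new" --instance-id "$id" --device "$dev" >/dev/null
  aws ec2 start-instances --instance-ids "$id" >/dev/null
  # The old volume and both snapshots are kept so the swap can be reverted.
  echo "$new"
}

if [ "$#" -gt 0 ]; then encrypt_root_volume "$@"; fi
```

The function prints the ID of the new encrypted volume; delete the old volume and the unencrypted snapshot only after the instance has been tested.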

You have done it. Keep learning and happy learning!