How to encrypt an existing EBS volume of an EC2 instance?
- 1)
  - Take a snapshot of the existing EBS volume
  - Copy that snapshot to a new snapshot with encryption enabled
  - Create a volume from the encrypted snapshot, in the same availability zone as the EC2 instance (for example us-east-1a, us-east-1b or us-east-1c)
  - Stop the EC2 instance
  - Detach the existing unencrypted EBS volume
  - Attach the new encrypted EBS volume to the EC2 instance
  - Start the instance again
- 2)
  - Assume you have a non-encrypted EBS volume attached to an EC2 instance
  - Create an EBS volume with the encrypt option
  - Attach the encrypted EBS volume to the EC2 instance (in addition to the existing non-encrypted EBS volume)
  - The EC2 instance and both EBS volumes are now in a single AZ, say us-east-1a
    - 1st EBS volume mounted at /opt/ebs1 -> non-encrypted EBS volume
    - 2nd EBS volume mounted at /opt/ebs2 -> encrypted EBS volume
  - Copy the content from the non-encrypted EBS volume to the encrypted EBS volume
  - Once done, detach the non-encrypted EBS volume from the EC2 instance
- EBS volumes are limited to a specific availability zone
- Snapshots are limited to a specific region
- An EC2 instance and the EBS volumes attached to it must be in the same AZ
- However, you can copy snapshots across regions
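
Method 1 above as a shell function using the AWS CLI. This is an added example, not code from the original post; it assumes the CLI's configured region is the volume's region, that the AZ has a standard name such as us-east-1a, and it defaults the KMS key to `alias/aws/ebs`.

```sh
# Added example (not from the original post): method 1 with the AWS CLI.
# Usage: encrypt_ebs_volume <volume-id> [kms-key-id]   -> prints the new volume ID
# The body runs in a subshell, so set -eu stops at the first failed step.
encrypt_ebs_volume() (
  set -eu
  old_vol=$1
  kms_key=${2:-alias/aws/ebs}   # assumption: default to the AWS managed EBS key

  # AZ, attached instance, device name and current encryption state.
  info=$(aws ec2 describe-volumes --volume-ids "$old_vol" --output text \
    --query 'Volumes[0].[AvailabilityZone,Attachments[0].InstanceId,Attachments[0].Device,Encrypted]')
  set -- $info
  az=$1 instance=$2 device=$3 encrypted=$4
  [ "$encrypted" = "False" ] || { echo "$old_vol is already encrypted" >&2; exit 1; }
  [ "$instance" != "None" ] || { echo "$old_vol is not attached" >&2; exit 1; }
  region=${az%?}   # us-east-1a -> us-east-1 (assumes a standard AZ name)

  # Snapshot the unencrypted volume.
  snap=$(aws ec2 create-snapshot --volume-id "$old_vol" \
    --description "pre-encryption copy of $old_vol" --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"

  # Copy the snapshot with encryption enabled.
  enc_snap=$(aws ec2 copy-snapshot --source-region "$region" --source-snapshot-id "$snap" \
    --encrypted --kms-key-id "$kms_key" --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$enc_snap"

  # Create the new volume in the instance's AZ; it inherits the encryption.
  new_vol=$(aws ec2 create-volume --snapshot-id "$enc_snap" --availability-zone "$az" \
    --query VolumeId --output text)
  aws ec2 wait volume-available --volume-ids "$new_vol"

  # Stop the instance, swap the volumes on the same device name, start again.
  aws ec2 stop-instances --instance-ids "$instance" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$instance"
  aws ec2 detach-volume --volume-id "$old_vol" >/dev/null
  aws ec2 wait volume-available --volume-ids "$old_vol"
  aws ec2 attach-volume --volume-id "$new_vol" --instance-id "$instance" --device "$device" >/dev/null
  aws ec2 start-instances --instance-ids "$instance" >/dev/null

  # Confirm the attached replacement really is encrypted before reporting it.
  [ "$(aws ec2 describe-volumes --volume-ids "$new_vol" \
    --query 'Volumes[0].Encrypted' --output text)" = "True" ] || exit 1
  echo "$new_vol"
)
```

The snapshot is taken while the instance is still running, following the step order above, so anything written between the snapshot and the stop is not on the new volume. The original volume and the unencrypted snapshot are left in place until you delete them.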