Create an Encrypted EBS Volume from Unencrypted Volume with Existing data on it.

If you already stored your data in AWS unencrypted volume and You know that is not safe when it comes you have sensitive data.

What you should do if the unencrypted EBS volume is being used and you want to put those data into Encrypted EBS volume.

This is the way ;

Step 1: Go to AWS EC2 Panel

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

Step 2: Instance State and Volume State

To create a snapshot for an Amazon EBS volume that serves as a root device, you before taking the snapshot.

If you don’t use your EBS storage as your root device it is enough to stop all services which are using your volume.

Actually, it is not recommended to create while data are being written and read in EBS storage. because after the snapshot was created, it would have been outdated when there is new data in EBS volume while you were creating a snapshot.

Finally, you will see the state of Volume is as in available.

Step 3. Create a Snapshot from unencrypted volume.

So right click the volume that you want to get a snapshot and click on Create Snapshot.

Then, you will get a dialog box like this below. Make a description to identify the snapshot later. This snapshot will be unencrypted snapshot because you get this from unencrypted volume.

After you will see the unencrypted snapshot under Snapshots section.

Note: We are going to create Encrypted Volume, So we should need a encrypted snapshot as well. because we can not create a encrypted volume with unencrypted snapshot. We should convert this Unencrypted snapshot to encrypted snapshot.

Step 4 : Copy Unencrypted Snapshot to change it to an Encrypted Snapshot.

When go back to Snapshots section, right click on Unencrypted volume that you want to Encrypt and click COPY. Then you will see this dialog box below.

Give a description to identify your encrypted volume and you can keep Master key as default aws/ebs. Later you will see the encrypted snapshot like this below.

Step 5. Create Encrypted EBS Volume from the Encrypted Snapshot.

Go to Volumes section in EC2 service and press Create Volume button. Then you get a dialog like this below.

Then fill up this form with relevant details. Make sure to tick the Encryption box and provide you Encrypted snapshot with it. keep your Master key as default if you kept master key as default when you were copying.

Note : Please create volume in the same availability zone as your instance.

Press create and now you have an Encrypted volume with Encrypted data from Unencrypted volume with Unencrypted data.

Note : Make sure to unattached instance from Old volume and attach instance to new Encrypted Volume that we created.

Claps for me :)

Follow us on Twitter 🐦 and Facebook 👥 and join our Facebook Group 💬.

To join our community Slack 🗣️ and read our weekly Faun topics 🗞️, click here⬇

If this post was helpful, please click the clap 👏 button below a few times to show your support for the author! ⬇

Sign up to discover human stories that deepen your understanding of the world.

Published in FAUN — Developer Community 🐾

We help developers learn and grow by keeping them up with what matters. 👉 www.faun.dev

Written by Sarasa Gunawardhana

Senior DevSecOps Engineer | Full Stack Developer | Tech Blogger | SLIIT

No responses yet

What are your thoughts?