How to enable AWS EBS Volume snapshots encryption


Using the AWS console:

Sign in to the AWS console and navigate to https://console.aws.amazon.com/ec2/

From the left navigation, choose the Snapshots option.

Select the actionable snapshot, then choose Actions.

Choose the Copy Snapshot option.

Check the encryption option.

Under Master key, choose the KMS key (it is recommended to choose a KMS CMK when the EBS snapshot consists of highly sensitive data).

Click Copy.

Once the newly encrypted snapshot is ready, the old snapshot should be deleted.

Using the AWS CLI:

$> aws ec2 copy-snapshot --description [description-for-new-snapshot] --destination-region [region-name] --encrypted --kms-key-id [kms-key-id] --source-region [region-name] --source-snapshot-id [actionable-snapshot-id]

Command reference: https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-snapshot.html

$> aws ec2 delete-snapshot --snapshot-id [actionable-snapshot-id] --region [region-name]

Command reference: https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-snapshot.html
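
The two commands above can be chained so that the old snapshot is deleted only after the encrypted copy is confirmed. The function below is an added example, not part of the original post; it assumes a configured AWS CLI and a same-region copy, and the function name and the values in the usage comment are placeholders.

```shell
# encrypt_snapshot SRC_SNAPSHOT_ID REGION KMS_KEY_ID
# Copies the snapshot with encryption in the same Region, waits for the copy,
# verifies it, and only then deletes the source. Prints the new snapshot ID.
encrypt_snapshot() {
  local src="$1" region="$2" key="$3" new ok

  # With the CLI, --region selects the destination Region of the copy.
  new=$(aws ec2 copy-snapshot \
      --region "$region" --source-region "$region" \
      --source-snapshot-id "$src" \
      --encrypted --kms-key-id "$key" \
      --description "Encrypted copy of $src" \
      --query SnapshotId --output text) || return 1
  case "$new" in
    snap-*) ;;
    *) echo "copy of $src returned no snapshot ID" >&2; return 1 ;;
  esac

  # Block until the copy reaches the "completed" state.
  aws ec2 wait snapshot-completed --region "$region" --snapshot-ids "$new" || return 1

  # Count snapshots matching: this ID AND encrypted AND completed (expect 1).
  ok=$(aws ec2 describe-snapshots --region "$region" --snapshot-ids "$new" \
      --filters Name=encrypted,Values=true Name=status,Values=completed \
      --query 'length(Snapshots)' --output text) || return 1
  if [ "$ok" != "1" ]; then
    echo "refusing to delete $src: $new is not a completed encrypted copy" >&2
    return 1
  fi

  # The source is removed only after the checks above have passed.
  aws ec2 delete-snapshot --region "$region" --snapshot-id "$src" >/dev/null || return 1
  printf '%s\n' "$new"
}

# Usage (placeholder values):
#   encrypt_snapshot snap-0123456789abcdef0 us-east-1 alias/my-ebs-key
```

If any step fails, the function returns non-zero and leaves the unencrypted source snapshot in place.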

Note:

Applications using the old snapshot ID should point to the new snapshot ID.

Using a KMS CMK to encrypt snapshots might incur additional cost.

