How to enable AWS EBS Volume snapshots encryption

-


Using the AWS console:

Sign in to AWS console and navigate to https://console.aws.amazon.com/ec2/

From the left navigation choose snapshots option.

Select the actionable snapshot, choose actions.

Choose the Copy Snapshot option.

Check the encryption option.

Under the Master key choose the kms key (It is recommended to choose KMS CMK when EBS snapshot consist of highly sensitive data).

Click on copy.

Once the newly encrypted snapshot is ready old snapshot should be deleted.

Using AWS CLI

$> aws ec2 copy-snapshot --description [description-for-new-snapshot] --destination-region [region-name] --encrypted --kms-key-id [kms-key-id] ---source-region [region-name] --source-snapshot-id [actionable-snapshot-id]

Command reference: https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-snapshot.html

$> aws ec2 delete-snapshot --snapshot-id [actionable-snapshot-id] --region [region-name]

Command reference: https://docs.aws.amazon.com/cli/latest/reference/ec2/delete-snapshot.html

Note:

Applications using old snapshot id should point to new snapshot id.

Using KMS CMK to encrypt snapshots might incur additional cost.


Comments

Post a Comment

Popular posts from this blog

Core 5 Security Epics in AWS Cloud

-
Image
AWS Core Security EPICs refer to the foundational security features and capabilities provided by Amazon Web Services (AWS) to ensure the security of customer data and resources in the cloud. EPICs stands for "Elevated Privileges Isolation and Control," which are key principles of cloud security. Identity and Access Management (IAM) - AWS IAM is a powerful tool that helps users manage access to AWS resources. It provides a centralized view of all users and resources, allowing administrators to create, manage, and enforce security policies. IAM enables administrators to create roles with specific permissions, set up policies that define which actions can be performed on resources, and manage users and groups. IAM also supports multi-factor authentication (MFA), which provides an extra layer of security for users. Network Security - AWS provides a wide range of security controls to help protect the network infrastructure. These include virtual private cloud (VPC), network acces
Read more

Why do you need to monitor your network?

-
Image
               Monitoring  your network is essential for several               reasons, including: Security: Monitoring your network can help you identify potential security breaches or threats, such as unauthorized access or suspicious activity. It allows you to take action quickly to prevent or minimize any damage caused by a security incident. Performance: Monitoring your network can help you identify performance issues such as slow network speed or bandwidth constraints. You can then take action to optimize your network to improve its performance. Availability: Network downtime can result in lost productivity and revenue. Monitoring your network can help you identify and resolve issues quickly, reducing the amount of downtime your network experiences.                                                                                     Compliance: Depending on your industry or organization, you may be required to meet specific compliance requirements. Network monitoring can help y
Read more

How to change Domain account logging password

-
Image
If my system is in domain and we have sufficient privilege for changing password of our account or Server admin has already given us permission for doing this task. We need to follow this process for this. Press Ctrl+Alt+Delete you will gate following screen from here you can change your account password.  
Read more