Thursday, June 6, 2019

AWS Encrypt Root Volumes by Default

AWS Encrypt Root Volumes

We might have launched root volumes as part of EC2/EMR umpteen times in our DevOps lifecycle. Until a few weeks back, I had been encrypting them the conventional way, as below:

  1. Create a basic EC2 instance with the required root volume size
  2. Create a snapshot from the root volume of the launched EC2 instance
  3. Copy the snapshot with an encryption key
  4. Use this newly copied snapshot going forward
  5. Or, create an AMI with an encrypted root volume by selecting the just-created encrypted snapshot, and use it from then on

Hooooooooooo, lots of work, isn't it? I agree :-). It is not about creating the AMI or using the encrypted volumes; it is about cleaning up the snapshots that were created as above.

Let us come out of this headache, which is basically a workaround, and get into the most exciting part: making 'Root Volumes Encrypted by default'. Yayyyyyyyyyyyy, how cool is that? Let us see how!!

  1. Log in to the AWS account
  2. Go to EC2
  3. In the top right corner, under 'Account Attributes', click on 'Settings'

From there, you will get the settings screen. Click on the checkbox saying 'Always encrypt new EBS Volumes' and we are done.

That's it!! New EC2 instances launched will have root volumes encrypted from now on!!
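The same checkbox can be checked and set from the AWS CLI. The script below is an added example, not part of the original post: it turns the setting on in each Region you name (the setting is Region-specific) and lists volumes that are still unencrypted, since the default only covers new volumes. It assumes the AWS CLI with credentials allowed to call the three EC2 operations used; the function names and the Regions in the usage line are illustrative.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of 'Always encrypt new EBS Volumes'.
# Assumes the AWS CLI is installed and credentials are configured.

# Print "true" or "false" for the given Region.
ebs_default_state() {
  aws ec2 get-ebs-encryption-by-default --region "$1" \
    --query 'EbsEncryptionByDefault' --output text | tr '[:upper:]' '[:lower:]'
}

# Enable the setting only when it is off; report what happened.
ensure_ebs_default() {
  local region="$1"
  if [ "$(ebs_default_state "$region")" = "true" ]; then
    echo "$region already-enabled"
  else
    aws ec2 enable-ebs-encryption-by-default --region "$region" >/dev/null &&
      echo "$region enabled"
  fi
}

# The default applies to new volumes only, so list the volumes
# in the Region that remain unencrypted.
unencrypted_volumes() {
  aws ec2 describe-volumes --region "$1" \
    --filters Name=encrypted,Values=false \
    --query 'Volumes[].VolumeId' --output text
}

# Run both steps for every Region passed as an argument.
audit_regions() {
  local region vols
  for region in "$@"; do
    ensure_ebs_default "$region"
    vols="$(unencrypted_volumes "$region")"
    if [ -n "$vols" ]; then
      echo "$region unencrypted: $vols"
    fi
  done
}

# Usage: ./ebs-default.sh us-east-1 eu-west-1
if [ "$#" -gt 0 ]; then
  audit_regions "$@"
fi
```

Volumes reported as unencrypted still need the snapshot-copy route described at the top of the post.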

Happy EC2 folks !!!
