DEV Community

Discussion on: AWS EC2 - EBS Volume Encryption

chefgs profile image
Saravanan G Author • Edited

Dinesh I just wanted to clarify that, there are two parts in this article,

  1. Encrypt EBS - After Creating the EC2 instance
  2. Encrypt EBS - Before Creating the EC2 instance..

So the new option provided by AWS solves the purpose of 2nd part of the article (encrypt volume before creating instance)
Where as the part 1. Encrypt EBS - After Creating the EC2 instance still needs manually encrypting the ec2 instance and my article and script can be used to achieve the same thing in automated way using the script.

Hope this clarifies.

Thread Thread
dineshrathee12 profile image
Dinesh Rathee

That's correct , Actually mainly I was focusing on Part #2 which focuses upon "Encrypt EBS - Before Creating the EC2 instance" using this feature instead of doing it via a script.

The interesting part is like a scenario when we use Public AMIs , the Snapshot present on S3 in public domain and the OS (root volume) gets created and by default it will be unencrypted and if we use this Account Attributes feature setting for a region, it will definitely save overhead of (stop,copy snapshot,encrypt,AMI,and use that AMI for launch) process which could be done by simply applying Account level region encryption setting without any intervention from a user