DEV Community

Discussion on: AWS EC2 - EBS Volume Encryption

Dinesh Rathee • Edited

Thanks Saravanan. Actually, I did some tests on this doc and also verified that this ensures that when you "launch a new instance", its root volume will be encrypted automatically on launch.

I just wrote a blog post:

  • Blog Post
  • Probably this will explain a bit more on this :)

    Saravanan G Author • Edited

    Dinesh, I just wanted to clarify that there are two parts in this article:

    1. Encrypt EBS - After Creating the EC2 instance
    2. Encrypt EBS - Before Creating the EC2 instance

    So the new option provided by AWS serves the purpose of the 2nd part of the article (encrypt volume before creating instance),
    whereas part 1 (Encrypt EBS - After Creating the EC2 instance) still needs manually encrypting the EC2 instance, and my article and script can be used to achieve the same thing in an automated way.

    Hope this clarifies.

    Dinesh Rathee

    That's correct. Actually, I was mainly focusing on Part #2, "Encrypt EBS - Before Creating the EC2 instance", using this feature instead of doing it via a script.

    The interesting part is a scenario where we use public AMIs: the snapshot is present on S3 in the public domain, and the OS (root volume) gets created unencrypted by default. If we use this Account Attributes feature setting for a region, it will definitely save the overhead of the (stop, copy snapshot, encrypt, AMI, and use that AMI for launch) process, which could be done by simply applying the account-level region encryption setting without any intervention from a user.
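
The split discussed in this thread, as an added example that is not from either commenter or the original article: a small audit that reads the JSON printed by `aws ec2 get-ebs-encryption-by-default` and `aws ec2 describe-volumes` and lists the volumes that still need the manual "after creating the instance" process. The sample JSON and its volume and instance IDs are constructed, and the code assumes the account-level default only affects volumes created after it is switched on.

```python
import json

# Constructed sample of `aws ec2 get-ebs-encryption-by-default --region <region>`
DEFAULT_SETTING = '{"EbsEncryptionByDefault": true}'

# Constructed, trimmed sample of `aws ec2 describe-volumes --region <region>`
VOLUMES = json.dumps({"Volumes": [
    {"VolumeId": "vol-example-new-root", "Encrypted": True,
     "Attachments": [{"InstanceId": "i-example-new", "Device": "/dev/xvda",
                      "State": "attached"}]},
    {"VolumeId": "vol-example-old-root", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-example-old", "Device": "/dev/xvda",
                      "State": "attached"}]},
    {"VolumeId": "vol-example-orphan", "Encrypted": False, "Attachments": []},
]})


def audit(setting_json, volumes_json):
    """Split a region's volumes by encryption state and attachment."""
    report = {
        # Part 2 of the article: is the account-level default on for the region?
        "default_on": json.loads(setting_json).get("EbsEncryptionByDefault", False),
        "encrypted": [],
        # Part 1 of the article: existing volumes that need the
        # stop / copy snapshot with encryption / swap process.
        "attached_unencrypted": [],
        "detached_unencrypted": [],
    }
    for vol in json.loads(volumes_json).get("Volumes", []):
        vol_id = vol["VolumeId"]
        if vol.get("Encrypted"):
            report["encrypted"].append(vol_id)
            continue
        instances = [a["InstanceId"] for a in vol.get("Attachments", [])
                     if a.get("State") == "attached"]
        if instances:
            report["attached_unencrypted"].append((vol_id, instances[0]))
        else:
            report["detached_unencrypted"].append(vol_id)
    return report


if __name__ == "__main__":
    print(json.dumps(audit(DEFAULT_SETTING, VOLUMES), indent=2))
```

With real data, run the two CLI commands per region and pass their output strings to `audit`; a region can report `default_on` as true and still list unencrypted volumes that predate the setting.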