Easy way to encrypt EBS volume

Back in January 2019, I wrote an article on how to encrypt an EBS volume. It was a very tedious process. However, things have changed for good. AWS has simplified this process. In this article, I want to share how easy is to encrypt an EBS volume.

Before we launch a new EC2 instance, we need to use a key. Just like you lock and unlock your house door using a physical or digital key. Same principle applies to encrypted EBS volumes. To create a new KMS key, go to the key management service console and select customer managed keys from the left side menu.

Now create a new key. Once you have a new KMS key, we can launch a new EC2 instance. When you get to the storage option, pay attention to the encryption option. 

As you can see from image above, you will see your KMS keys in the encryption option. Go ahead and select a key and continue with your EC2 configuration wizard. 

That’s it. We have to be thankful to AWS for making this process easier. 


The Overnight Success that took 4 years

Back in April 2014, I started this blog to share my experiences as a software developer. I was motivated to write by Scott Hanselman. Many articles took long hours to write. Others were written in a couple of minutes. Without a clear goal for this blog, I was determined to help other software developers with common issues. In average, I receive 10 visits to my blog everyday. Recently I have written exclusively on AWS and .NET. Last year I read articles on AWS Lambda and was very impressed with this service. I also watched youtube videos to understand lambda. With this information, I started taking notes on lambda and how to use it with .NET Core.

After I shared this article on Linkedin and Twitter, AWS liked it and they included it on with a short description. This link is taking my blog to a new dimension. I’m getting more visits to my site and I’m happy that someone is starting to appreciate my articles.

It’s been a long 4 years writing technical articles and it’s finally paying off. Like many people say, “this is an overnight success that only took 4 years.”


How to Encrypt an EBS Volume

When you create a new AWS instance, you don’t see an option to encrypt the root volume. In this post, I’m going to show you step by step how to encrypt root volumes using the console.

First, we need to create a new AWS instance. Pay attention to the storage section. I’m unable to change the encrypted option. If you add a new volume, you will see that the encrypted option is also missing.

ebs root volume - no encryption option

Go ahead and configure your new instance. After the instance is launched, that’s when our real work begins. While the instance is in the initialization stage, go to volumes and create a new snapshot.

ebs volume - create new snapshot

Now that we have our new snapshot, we can copy it to a new region.

In this example, I’m copying this snapshot from US N. Virginia to EU London. As you can see, we have an option to encrypt this snapshot and also select a master key. Go ahead and click on copy button. Now we can switch to EU London region and go to the snapshots page.

Now we see that our London snapshot is encrypted. From this same page, select the encrypted snapshot and create a new image.

create image from encrypted snapshot

Now go to the AMIs page, select your newly created image and launch a new instance. Pay special attention to the storage section.

Our Encrypted column shows Encrypted. That’s what we want it. I hope this post was helpful to you. See you soon!