When you create a new AWS instance, you don’t see an option to encrypt the root volume. In this post, I’m going to show you step by step how to encrypt root volumes using the console.
First, we need to create a new AWS instance. Pay attention to the storage section. I’m unable to change the encrypted option. If you add a new volume, you will see that the encrypted option is also missing.
Go ahead and configure your new instance. After the instance is launched, that’s when our real work begins. While the instance is in the initialization stage, go to volumes and create a new snapshot.
Now that we have our new snapshot, we can copy it to a new region.
In this example, I’m copying this snapshot from US N. Virginia to EU London. As you can see, we have an option to encrypt this snapshot and also select a master key. Go ahead and click on copy button. Now we can switch to EU London region and go to the snapshots page.
Now we see that our London snapshot is encrypted. From this same page, select the encrypted snapshot and create a new image.
Now go to the AMIs page, select your newly created image and launch a new instance. Pay special attention to the storage section.
Our Encrypted column shows Encrypted. That’s what we want it. I hope this post was helpful to you. See you soon!