I am trying to create an EC2 instance (running Windows Server 2012 R2) with an encrypted EBS volume. I am using OpsWorks and there doesn't seem to be an option to create an EC2 instance with an encrypted volume. I am wondering if there is a way to do this without going through the process of creating a blank, encrypted volume, attaching it to the instance, and then copying everything over to the encrypted volume. I would prefer to not have to do that as it does not seem like a simple process.
- Do you want the encrypted volume to be the boot volume, or a secondary volume? Officially, Amazon EC2 cannot use an encrypted boot volume (but there are workarounds). – John Rotenstein Oct 08 '15 at 13:34
- I would like it to be the boot volume if possible – narciero Oct 08 '15 at 16:16
1 Answer
Amazon Elastic Block Store (EBS) does not currently offer encryption for boot volumes.
From the EBS Encryption documentation page:
Encrypted boot volumes are not supported at this time.
So, it's not related specifically to OpsWorks; it applies to EBS as a whole.
This is possibly because snapshots would also be encrypted, so it would not be possible to create an AMI (since it uses a snapshot and would therefore be encrypted, too).
It is theoretically possible to create an encrypted boot volume by creating a blank encrypted volume, copying all the contents to the new volume and then attaching it as a boot volume. However, this would disallow use of an AMI.

John Rotenstein
- For posterity's sake this no longer seems to be the case. https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/ – cori Jan 27 '16 at 21:15