Converting Unencrypted Volumes to Encrypted Volumes - Amazon Web Services


When launching an EC2 server instance or creating a volume within AWS, it is fairly straightforward to have the volumes be encrypted. It's simply a checkbox. However, if you decide after creating an unencrypted volume that you want it to be encrypted, you can't simply toggle the "encrypted flag" for the volume. This article explains how to encrypt the volumes for an entire server.

While this article is for an entire server, if you need to encrypt just a single volume, there is a similar process that can be done at the volume-level.


1. Make note of the Elastic IP address of the EC2 instance

2. Shut down the EC2 instance

3. Creating an image (AMI) of the instance

4. Copy the AMI, turning on Encryption

Copy AMI Dialog

Copy AMI Dialog

5. Launch a new EC2 instance from the encrypted AMI

6. Move the Elastic IP to the new EC2 instance