Create AWS EC2 Windows instance using encrypted EBS
Question
I am trying to create an EC2 instance (running Windows Server 2012 R2) with an encrypted EBS volume. I am using OpsWorks and there doesn't seem to be an option to create an EC2 instance with an encrypted volume. I am wondering if there is a way to do this without going through the process of creating a blank, encrypted volume, attaching it to the instance, and then copying everything over to the encrypted volume. I would prefer to not have to do that as it does not seem like a simple process.
1 answers
solution1
0 ACCPTED 2015-10-09 20:29:46
Amazon Elastic Blocks Store (EBS) does not currently offer encryption for boot volumes.
From the EBS Encryption documentation page :
Encrypted boot volumes are not supported at this time.
So, it's not related specifically to OpsWorks, it applies to EBS as a whole.
This is possibly because snapshots would also be encrypted, so it would not be possible to create an AMI (since it uses a snapshot and would therefore be encrypted, too).
It is theoretically possible to create an encrypted boot volume by creating a blank encrypted volume, copying all the contents to the new volume and then attaching it as a boot volume. However, this would disallow use of an AMI.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.