Dinesh Rathee , Young IT Professional π» Working in Dublin (Ireland) π
Enthusiast, Innovative, Loves Travelling
#Fan of @elonmusk ππ°, Proud Sonπ¨βπwith Big Dreams.
πOpinions are my own π
Location
Dublin (Ireland)
Education
Masters (Systems Engineering) - Birla Institute of Technology and Science, Pilani
Work
Cloud Support Engineer I (Linux) at Amazon Web Services
That's a good approach π
Also, just curious to share what I've come across something interesting earlier which can achieve this task with in a single settings in AWS account.
You can now specify that you want all newly created EBS volumes to be created in encrypted form, with the option to use the default key provided by AWS, or a key that you create.
Dinesh Rathee , Young IT Professional π» Working in Dublin (Ireland) π
Enthusiast, Innovative, Loves Travelling
#Fan of @elonmusk ππ°, Proud Sonπ¨βπwith Big Dreams.
πOpinions are my own π
Location
Dublin (Ireland)
Education
Masters (Systems Engineering) - Birla Institute of Technology and Science, Pilani
Work
Cloud Support Engineer I (Linux) at Amazon Web Services
Thanks Saravanan, Actually I did some test over this doc and also verified that this will also ensure when you "launch a new Instance" its root volume will be encrypted automatically on launch.
Dinesh I just wanted to clarify that, there are two parts in this article,
Encrypt EBS - After Creating the EC2 instance
Encrypt EBS - Before Creating the EC2 instance..
So the new option provided by AWS solves the purpose of 2nd part of the article (encrypt volume before creating instance)
Where as the part 1. Encrypt EBS - After Creating the EC2 instance still needs manually encrypting the ec2 instance and my article and script can be used to achieve the same thing in automated way using the script.
Dinesh Rathee , Young IT Professional π» Working in Dublin (Ireland) π
Enthusiast, Innovative, Loves Travelling
#Fan of @elonmusk ππ°, Proud Sonπ¨βπwith Big Dreams.
πOpinions are my own π
Location
Dublin (Ireland)
Education
Masters (Systems Engineering) - Birla Institute of Technology and Science, Pilani
Work
Cloud Support Engineer I (Linux) at Amazon Web Services
That's correct , Actually mainly I was focusing on Part #2 which focuses upon "Encrypt EBS - Before Creating the EC2 instance" using this feature instead of doing it via a script.
The interesting part is like a scenario when we use Public AMIs , the Snapshot present on S3 in public domain and the OS (root volume) gets created and by default it will be unencrypted and if we use this Account Attributes feature setting for a region, it will definitely save overhead of (stop,copy snapshot,encrypt,AMI,and use that AMI for launch) process which could be done by simply applying Account level region encryption setting without any intervention from a user
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
That's a good approach π
Also, just curious to share what I've come across something interesting earlier which can achieve this task with in a single settings in AWS account.
You can now specify that you want all newly created EBS volumes to be created in encrypted form, with the option to use the default key provided by AWS, or a key that you create.
Please take a look on this :
aws.amazon.com/blogs/aws/new-opt-i...
Yes, Dinesh. Thanks for sharing the doc url. My article mainly focus on encrypting ebs volume of already created ec2 instance.
Thanks Saravanan, Actually I did some test over this doc and also verified that this will also ensure when you "launch a new Instance" its root volume will be encrypted automatically on launch.
Just written Blog post :
Probably this will explain a bit more on this :)
Dinesh I just wanted to clarify that, there are two parts in this article,
So the new option provided by AWS solves the purpose of 2nd part of the article (encrypt volume before creating instance)
Where as the part 1. Encrypt EBS - After Creating the EC2 instance still needs manually encrypting the ec2 instance and my article and script can be used to achieve the same thing in automated way using the script.
Hope this clarifies.
That's correct , Actually mainly I was focusing on Part #2 which focuses upon "Encrypt EBS - Before Creating the EC2 instance" using this feature instead of doing it via a script.
The interesting part is like a scenario when we use Public AMIs , the Snapshot present on S3 in public domain and the OS (root volume) gets created and by default it will be unencrypted and if we use this Account Attributes feature setting for a region, it will definitely save overhead of (stop,copy snapshot,encrypt,AMI,and use that AMI for launch) process which could be done by simply applying Account level region encryption setting without any intervention from a user