Encrypt Amazon EBS Volumes Attached to Catalyst Centers
You can encrypt Amazon Elastic Block Store (Amazon EBS) volumes that are attached to Catalyst Centers that are running in AWS. This procedure is optional and applies only if you want to encrypt EBS volumes that are attached to already running Catalyst Centers in AWS (possibly due to an organization mandate). If your organization does not require encryption of EBS volumes, you can disregard this procedure and continue with non-encrypted EBS volumes.
Encrypting Amazon EBS volumes, which includes encrypting the root volume of an EC2 instance, improves data security in AWS environments. By encrypting Amazon EBS volumes, you can protect sensitive data from unauthorized access and mitigate the risks that are associated with data breaches and theft. Encryption safeguards data and ensures compliance with regulatory standards and industry best practices.
By creating encrypted snapshots and volumes, and potentially replacing the root volume of an EC2 instance, you can seamlessly integrate encryption into your AWS infrastructure.
This procedure includes steps for manually encrypting the existing Amazon EBS volumes from the AWS console. During this process, you create snapshots, which need to be deleted after successfully completing the procedure. Also, expect some downtime because you need to restart the Amazon EC2 instance.
Procedure
Step 1 |
Determine the Amazon EBS volume ID of the volume that you want to encrypt. You can find this information in the AWS Management Console under the Volumes in the EC2dashboard. |
Step 2 |
For backup purposes, create a snapshot of the volume that you are encrypting, which is the volume that is attached to Catalyst Center:
|
Step 3 |
Make a copy of the snapshot that you created and apply encryption to this copy:
|
Step 4 |
Create an encrypted volume from the snapshot:
|
Step 5 |
(Optional) Replace the root volume of an EC2 instance with an encrypted instance:
|
Step 6 |
After Catalyst Center is running the new encrypted volume:
This clean-up process is important for maintaining an organized cloud environment and minimizing storage costs. This process does not affect the new encrypted Amazon EBS volume that is attached to the running Catalyst Center. Global Launchpad does not maintain snapshots of the Amazon EBS volume. |