Encrypt Root *Unencrypted* EBS volume on AWS EC2 without creating a new instance.



This content originally appeared on DEV Community and was authored by DevOps Descent

If you’ve forgotten to encrypt the Root EBS volume attached to your servers, there’s no need to worry! 🙅
Follow these 6 simple steps to resolve it: (Nobody would ever know 🙊 )

1. Stop the EC2 Instance 🙋:
   Identify the EC2 instance with the unencrypted volume and stop it to ensure data integrity.

2. Create an AMI/Snapshot of the existing unencrypted volume 🔓.

3. Create an Encrypted Snapshot 🔐:
   Make a copy of the unencrypted snapshot and encrypt it during the copy process by using an available encryption key.

4. Provision a New Encrypted EBS Volume 💾:
   Create a new EBS volume from the encrypted snapshot.

5. Replace the Volume:
   Detach the original unencrypted EBS volume and attach the new encrypted EBS volume, ensuring the device name matches (e.g., /dev/sda1).

6. Start the EC2 Instance 💻:
   Restart the instance and wait for it to pass all health checks to verify that the encrypted volume is functioning properly.
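
The six steps above as one AWS CLI shell function. This is an added example, not code from the original post; the function name, its argument order and the default key `alias/aws/ebs` are choices made here, and it assumes a configured AWS CLI with permission for the EC2 calls shown.

```bash
# Added example. Arguments: <instance-id> <region> [kms-key-id].
# alias/aws/ebs is the AWS-managed EBS key; pass a customer-managed key to override.
encrypt_root_volume() (
  set -eu
  id=$1; export AWS_DEFAULT_REGION="$2"; key=${3:-alias/aws/ebs}
  q() { aws ec2 "$@" --output text; }   # capture a single field as plain text

  dev=$(q describe-instances --instance-ids "$id" \
        --query 'Reservations[0].Instances[0].RootDeviceName')
  info=$(q describe-volumes --filters "Name=attachment.instance-id,Values=$id" \
        "Name=attachment.device,Values=$dev" \
        --query 'Volumes[0].[VolumeId,AvailabilityZone,Encrypted,VolumeType]')
  set -- $info; old=${1:-}; az=${2:-}; enc=${3:-}; vtype=${4:-}
  # Refuse to touch anything unless the root volume is confirmed unencrypted.
  [ "$enc" = "False" ] || { echo "no unencrypted root volume on $id" >&2; exit 1; }

  # Step 1: stop the instance so the snapshot is consistent.
  aws ec2 stop-instances --instance-ids "$id" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$id"
  # Step 2: snapshot the unencrypted volume.
  snap=$(q create-snapshot --volume-id "$old" --query SnapshotId \
         --description "plaintext source for encrypting $old")
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"
  # Step 3: copy the snapshot, encrypting it with the chosen KMS key.
  esnap=$(q copy-snapshot --source-region "$AWS_DEFAULT_REGION" \
          --source-snapshot-id "$snap" --encrypted --kms-key-id "$key" \
          --query SnapshotId)
  aws ec2 wait snapshot-completed --snapshot-ids "$esnap"
  # Step 4: new volume from the encrypted snapshot, same AZ and type
  # (io1/io2 also need --iops; provisioned settings are not carried over).
  new=$(q create-volume --snapshot-id "$esnap" --availability-zone "$az" \
        --volume-type "$vtype" --query VolumeId)
  aws ec2 wait volume-available --volume-ids "$new"
  # Step 5: swap the volumes on the same device name.
  aws ec2 detach-volume --volume-id "$old" >/dev/null
  aws ec2 wait volume-available --volume-ids "$old"
  aws ec2 attach-volume --volume-id "$new" --instance-id "$id" --device "$dev" >/dev/null
  aws ec2 wait volume-in-use --volume-ids "$new"
  # Step 6: start the instance and wait for both status checks.
  aws ec2 start-instances --instance-ids "$id" >/dev/null
  aws ec2 wait instance-status-ok --instance-ids "$id"

  # Confirm the attached volume is encrypted, then report what still holds plaintext.
  enc=$(q describe-volumes --volume-ids "$new" --query 'Volumes[0].Encrypted')
  [ "$enc" = "True" ] || { echo "$new is not encrypted" >&2; exit 1; }
  echo "encrypted=$new plaintext_leftovers=$old,$snap"
)
```

The old volume and the unencrypted snapshot it reports still hold the data in plaintext, so delete them once the instance is verified. A volume attached this way has DeleteOnTermination set to false, unlike a typical root volume.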
