How to encrypt AWS EBS volumes

Despite the numerous advantages of shifting to the cloud, data security remains a major barrier to adoption for many businesses.

You will want to make sure your data is safe while it is stored in the cloud, which is why cloud data security is crucial.

Because of a number of high-profile hacking cases, this is a hot topic among business owners, but the reality is that your data is safer on the cloud.

Why is cloud storage safer?

Your data is backed up to the cloud rather than being kept on-site or nearby when you use cloud storage.

Some companies still use tape backups or keep their data backups on-site or at a nearby off-site location.

If there is a local disaster, those backups could be lost. Because cloud data is stored in faraway locations, it avoids this issue and protects your business from data loss.

Elastic Block Store (EBS)

EBS volumes are fast, block-level storage devices that are attached to your EC2 instances. EBS can be used as the primary storage device for an EC2 instance or a database.

EBS volumes exist independently of your EC2 instances and can be kept even if the EC2 instance that they are associated with is deleted.

Why Encrypt EBS volumes?

When using any storage service, encryption should be a top priority for a company to safeguard data at rest and in transit.

EBS volumes can be attached to your instances and are best suited for data that is constantly changing or requires a high number of input/output operations per second (IOPS).

Because they provide persistent block-level storage to your instances, EBS volumes are suitable for storing sensitive data, including personally identifiable information (PII).

Wherever that is the case, the data on the disk must be encrypted to protect it from malicious activity.

How to Encrypt new EBS volumes

Let us discuss how we can encrypt new EBS volumes by following the below steps –

1. First, log in to the AWS console (sign up first if you do not have an account).

2. Then, from the top right corner, select the AWS Region where you want to create EBS volumes.

3. Then search for EC2 and select ‘Volumes’ under EC2.

4. Next, you need to click on ‘Create volume’ to create new volumes.

5. Fill in all the required details in the form, then scroll down and click the ‘create volume’ button.

6. You will then see a confirmation that your new volume has been encrypted successfully.

As a result, your new volume is encrypted. Following this process, you can create as many volumes as you want, and you will be charged accordingly.

How to encrypt New EBS volumes by default

AWS has also included a function that allows users (and especially administrators) to automatically enable encryption on all EBS volumes created inside a certain region.

Note – This has far-reaching implications, but it works only on a per-region basis, so default encryption must be enabled separately in each region.

Steps for default encryption are –

1. Go to ‘EC2 instance dashboard’.

2. Under ‘Account Attributes’, select ‘EBS Encryption’.

3. Then select the checkbox shown in the image below.

How to Encrypt existing EBS volumes

Follow the below steps to encrypt your existing EBS volumes –

1. Select the unencrypted volume that you want to encrypt.

2. Click on ‘Action’ and then select ‘Create snapshot’.

3. Fill in all the required details in the form, then scroll down and click the ‘create snapshot’ button.

4. You will then see a confirmation that your new snapshot has been created successfully.

5. Once the snapshot has been created, go to ‘Snapshot’ under EC2 and then select the newly created snapshot.

6. Click on ‘Action’ and then select the ‘Copy’ option.

7. Then, select the Encryption checkbox to ‘Encrypt this snapshot’.

8. Your snapshot will be encrypted successfully.

In this way, you can encrypt your existing EBS volumes.
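The console steps above, scripted with boto3 as an added example (not code from the original post). It goes one step beyond the list: after the encrypted snapshot copy it also creates a new encrypted volume from that copy, which is an assumption about the intended end state. The function name `encrypt_existing_volume` and its parameters are chosen here for illustration.

```python
import sys


def encrypt_existing_volume(ec2, volume_id, region, kms_key_id=None):
    """Snapshot -> encrypted copy -> new encrypted volume.

    `ec2` is a boto3 EC2 client for `region`. Returns
    (encrypted_snapshot_id, new_volume_id). The original volume is untouched.
    """
    vol = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"][0]
    if vol["Encrypted"]:
        raise ValueError(f"{volume_id} is already encrypted")
    waiter = ec2.get_waiter("snapshot_completed")

    # Steps 1-4: snapshot the unencrypted volume. This snapshot is itself
    # unencrypted, so treat it as sensitive and delete it once done.
    src = ec2.create_snapshot(
        VolumeId=volume_id, Description=f"pre-encryption copy of {volume_id}"
    )["SnapshotId"]
    waiter.wait(SnapshotIds=[src])

    # Steps 5-8: copy the snapshot with encryption turned on. Without
    # KmsKeyId the account's default EBS key for the region is used.
    copy_args = {"SourceSnapshotId": src, "SourceRegion": region,
                 "Encrypted": True, "Description": f"encrypted copy of {src}"}
    if kms_key_id:
        copy_args["KmsKeyId"] = kms_key_id
    enc = ec2.copy_snapshot(**copy_args)["SnapshotId"]
    waiter.wait(SnapshotIds=[enc])

    # Beyond the page's steps (assumption): restore the encrypted snapshot
    # into a volume in the same Availability Zone, keeping the volume type.
    vol_args = {"SnapshotId": enc, "AvailabilityZone": vol["AvailabilityZone"],
                "VolumeType": vol["VolumeType"]}
    if vol["VolumeType"] in ("io1", "io2"):
        vol_args["Iops"] = vol["Iops"]  # provisioned-IOPS types require it
    new_vol = ec2.create_volume(**vol_args)
    if not new_vol["Encrypted"]:
        raise RuntimeError(f"{new_vol['VolumeId']} was created unencrypted")
    return enc, new_vol["VolumeId"]


if __name__ == "__main__" and len(sys.argv) == 3:
    import boto3  # needs AWS credentials; usage: script.py REGION VOLUME_ID
    region, volume_id = sys.argv[1], sys.argv[2]
    client = boto3.client("ec2", region_name=region)
    print(encrypt_existing_volume(client, volume_id, region))
```

The new volume still has to be swapped in for the old one on the instance, and writes to the source volume should be paused while the first snapshot is taken so that the copy is consistent.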

Conclusion

EBS volume encryption is a straightforward and cost-effective alternative to constructing and maintaining your own cloud data security architecture.

It uses Amazon’s Key Management Service (KMS), which imposes physical security constraints and serves as a central hub for creating and managing keys for cloud and on-premises services.
