How to encrypt EBS Snapshot in AWS

Introduction

Elastic Block Storage (EBS) snapshots are snapshots of the volume at a particular moment in time. These snapshots can be shared and recreated into volumes for other instances. AWS provides the provision to share these snapshots with other AWS customers via the “Permissions” tab of the snapshot.

Since a snapshot is equivalent to the EBS volume, an attacker with access to a snapshot can read and gain access to data within the snapshot if it is unencrypted. It is recommended to implement data encryption in order to protect it from attackers or unauthorised users.

In this article we will take a look at how to encrypt an EBS snapshot via AWS management console.

Encrypt AWS EBS snapshot

To encrypt an EBS snapshot, follow the steps below in the AWS management console:

1. Login to the AWS Management Console and navigate to EC2 dashboard

   

2. In the navigation panel, under Elastic Block Store, click Snapshots

   

3. Select the unencrypted Snapshot that you want to update

4. Click on Actions dropdown and select Copy snapshot

   

5. Define the Destination, Description and check the Encrypt this snapshot option, select the Customer Master Key (CMK) and click on Copy snapshot

   

6. Delete the original unencrypted snapshot by selecting the snapshot and clicking on Actions dropdown button from the dashboard top menu and choose Delete