Sunday, February 13, 2022

EBS Encryption

 When you create an encrypted EBS volume, you get the following:

  • Data at rest is encrypted inside the volume
  • All the data in flight moving between the instance and the volume is encrypted
  • All snapshots are encrypted
  • All volumes created from the snapshot are encrypted

  • Encryption and decryption are handled transparently (you have nothing to do)
  • Encryption has minimal impact on latency
  • EBS encryption leverages keys from KMS (AES-256)
  • Copying an unencrypted snapshot lets you encrypt the copy
  • Snapshots of encrypted volumes are encrypted

Encrypt an unencrypted EBS volume:
  • Create an EBS snapshot of the volume
  • Encrypt the EBS snapshot by copying it: select the snapshot, then Actions > Copy > Copy snapshot, check "Encrypt this snapshot", and click Copy (this creates a new snapshot)
  • Create a new EBS volume from the snapshot (the volume will also be encrypted)
  • Now you can attach the encrypted volume to the original instance
  • Alternatively, instead of creating an encrypted copy of the snapshot and then creating a volume from it, you can create a volume directly from the first, unencrypted snapshot and select the "Encrypt this volume" checkbox on the volume creation page
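
The same procedure scripted with boto3, as an added example that is not part of the original post. The function name `encrypt_volume` and its `via_copy` switch are hypothetical, the volume ID in the usage line is a placeholder, and the caller is assumed to have permission for the EC2 snapshot and volume calls.

```python
def encrypt_volume(ec2, volume_id, kms_key_id=None, via_copy=True):
    """Build an encrypted replacement for `volume_id`; return the new volume ID.

    ec2 is a boto3 EC2 client. via_copy=True follows the snapshot-copy steps;
    via_copy=False uses the shortcut of encrypting at volume creation.
    """
    src = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"][0]
    if src["Encrypted"]:
        return volume_id  # already encrypted, nothing to rebuild
    # Without KmsKeyId, EBS uses the account's default KMS key for EBS.
    kms = {"KmsKeyId": kms_key_id} if kms_key_id else {}
    snapshot_done = ec2.get_waiter("snapshot_completed")

    # Step 1: snapshot the unencrypted volume.
    snap_id = ec2.create_snapshot(
        VolumeId=volume_id, Description=f"pre-encryption copy of {volume_id}"
    )["SnapshotId"]
    snapshot_done.wait(SnapshotIds=[snap_id])

    create_args = {}
    if via_copy:
        # Step 2: copy the snapshot with encryption on (creates a new snapshot).
        snap_id = ec2.copy_snapshot(
            SourceSnapshotId=snap_id, SourceRegion=ec2.meta.region_name,
            Encrypted=True, **kms,
        )["SnapshotId"]
        snapshot_done.wait(SnapshotIds=[snap_id])
    else:
        # Shortcut: keep the unencrypted snapshot, encrypt when creating the volume.
        create_args = {"Encrypted": True, **kms}

    # Step 3: create the volume in the source volume's Availability Zone.
    new_id = ec2.create_volume(
        SnapshotId=snap_id, AvailabilityZone=src["AvailabilityZone"], **create_args
    )["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[new_id])

    # Check the result before anything is attached to the instance.
    new = ec2.describe_volumes(VolumeIds=[new_id])["Volumes"][0]
    if not new["Encrypted"]:
        raise RuntimeError(f"{new_id} is not encrypted")
    return new_id


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a region configured

    # Placeholder volume ID; replace with the volume to encrypt.
    print(encrypt_volume(boto3.client("ec2"), "vol-0123456789abcdef0"))
```

The original unencrypted volume and the intermediate snapshots are left in place, so swapping the volumes on the instance and cleaning up remain separate steps.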
