An existing application stores sensitive information on a non-boot Amazon EBS data volume attached to an
Amazon Elastic Compute Cloud instance. Which of the following approaches would protect the sensitive data
on an Amazon EBS volume?
Upload your customer keys to AWS CloudHSM. Associate the Amazon EBS volume with AWS CloudHSM.
Re- mount the Amazon EBS volume.
Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume. Delete the old
Amazon EBS volume.
Unmount the EBS volume. Toggle the encryption attribute to True. Re-mount the Amazon EBS volume.
Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon EBS
volume. Mount the Amazon EBS volume.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html To migrate data between
encrypted and unencrypted volumes:
1. Create your destination volume (encrypted or unencrypted, depending on your need) by following the
procedures in Creating an Amazon EBS Volume.
2. Attach the destination volume to the instance that hosts the data to migrate. For more information, see
Attaching an Amazon EBS Volume to an Instance.
procedures in Making an Amazon EBS Volume Available for Using. For Linux instances, you can create a
mount point at /mnt/destination and mount the destination volume there.
4. Copy the data from your source directory to the destination volume. It may be most convenient to use a bulkcopy utility for this.