An existing application stores sensitive information on a non-boot Amazon EBS data volume
attached to an Amazon Elastic Compute Cloud instance. Which of the following approaches
would protect the sensitive data on an Amazon EBS volume?
Upload your customer keys to AWS CloudHSM. Associate the Amazon EBS volume with AWS
CloudHSM. Re-mount the Amazon EBS volume.
Create and mount a new, encrypted Amazon EBS volume. Move the data to the new volume.
Delete the old Amazon EBS volume.
Unmount the EBS volume. Toggle the encryption attribute to True. Re-mount the Amazon EBS
Snapshot the current Amazon EBS volume. Restore the snapshot to a new, encrypted Amazon
EBS volume. Mount the Amazon EBS volume
To migrate data between encrypted and unencrypted volumes
1. Create your destination volume (encrypted or unencrypted, depending on your need) by
following the procedures in Creating an Amazon EBS Volume.
2. Attach the destination volume to the instance that hosts the data to migrate. For more
information, see Attaching an Amazon EBS Volume to an Instance.
3. Make the destination volume available by following the procedures in Making an Amazon
EBS Volume Available for Use. For Linux instances, you can create a mount point at
/mnt/destination and mount the destination volume there.
4. Copy the data from your source directory to the destination volume. It may be most
convenient to use a bulk-copy utility for this.