An important exam tip is the fact that you when setting up new EC2 instances, by default the root/boot volume will not be encrypted and you do not have the option to encrypt it at the time of launch.  By contrast, additional EBS volumes that you add to the instance at the time of launch can be encrypted as part of the configuration.

Encrypting Boot Volumes

If you wish to encrypt your boot volumes, you will first need to create an AMI of the instance. The AMI too will have an unencrypted boot volume and there will be no option to encrypt it. You will then need to copy the AMI to create another AMI. You have the option here to also select placing the AMI in a different region.  While configuring options for copying the AMI as shown in the screenshot below, you have the option to Encrypt target EBS snapshots. The encryption will use your KMS Key ID and KMS Key ARN associated with your account.


Once you have copied the AMI with the boot volumes encrypted, you can now launch new instances from the AMI with encrypted boot volumes.  Upon selecting the storage options available during the initial configuration of a new instance launch, you will note that the root volume is encrypted as shown in the screenshot below:

By following this process you can create an instance that meets compliance and regulatory requirements and enables you to verify that all of the data that you store on EBS is encrypted, whether it is stored on a boot volume or on a data volume.

Key Exam Tips

  • Root volumes cannot be encrypted by default.  However, you can use a third party tool to such as Windows Bit Locker to encrypt the drive.
  • Additional volumes can be encrypted at the time of launching a new instance on standard AMIs
  • You can copy the AMI and then as part of the copy process encrypted the root volume.  You can then launch new instances from the AMI which will have the root volume encrypted at launch


180 Practice Exam Questions – Get Prepared for your Exam Day!

Our Exam Simulator with 180 practice exam questions comes with comprehensive explanations that will help you prepare for one of the most sought-after IT Certifications of the year.  Register Today and start preparing for your AWS Certified Solutions Architect – Associate Exam

Close Popup

We use cookies to give you the best online experience. By agreeing you accept the use of cookies in accordance with our cookie policy.

Close Popup
Privacy Settings saved!
Privacy Settings

When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. Control your personal Cookie Services here.

These cookies are necessary for the website to function and cannot be switched off in our systems.

Technical Cookies
In order to use this website we use the following technically required cookies
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

We use WooCommerce as a shopping system. For cart and order processing 2 cookies will be stored. This cookies are strictly necessary and can not be turned off.
  • woocommerce_cart_hash
  • woocommerce_items_in_cart

Decline all Services
Accept all Services
Open Privacy settings