Certified Security - Specialty

Sign Up Free or Log In to participate!

Copy AMI and change encryption question..

So ….if a volume is encrypted say with KMS and I create an AMI, copy it and encrypt with my own key can i see the volume data which was originally encrypted with KMS ?


Good Question. I think the original KMS key owner has to give you permissions to use the key and hence copy. I tried to copy image which was previously encrypted (encrypted snapshot) with Elon and tried to do copy operation using another user Thomas(which did not had permissions for that key), copy operation error. I am sure something to do kms permissions.


This lecture is outdated, you can now encrypt the Root EBS volume while launching an EC2 instance.

0 Answers

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?