In the video it is mentioned that we need to create an API and then copy it, as a work around to encrypt the root volume. But currently console gives you the option to encrypt it while launching instance.
3 Answers
Yes that’s right
It is great that they have recently made the change to allow root volume encryption on launch as before creating and cloning AMI’s was a slow process. Just be aware that it is still important to know how to do it manually the old way to help with existing instances that need converting to encrypted EBS volumes. Also some services like Auto Scaling groups do not currently support launching encrypted root volumes which means you have to manually create encrypted AMI’s for this use case right now.
Good answer – thank you!
For the time being it is worth knowing knowing how to do this manually so you don’t get tripped up in the exam which unfortunately always runs a little behind the latest announcements and changes. They try to give at least 6 months to get used to a new feature, however in practice it can sometimes be more like 6-12 months behind.
Yes that’s correct