Encrypt at rest existing AWS EFS instances - is it possible?

amazon-web-services encryption amazon-efs encrypting-file-system

Based on my understanding of AWS documentation it appears that the only way to encrypt at rest existing EFS instances with some data is to create new EFS instances with encryption enabled and copy the files from unencrypted EFS to encrypted EFS and alter mount points if any.

Can anybody confirm that is the case?


You are correct, EFS encryption of data at rest can only be enabled when creating the EFS instance. Below is the quote (and image) from the setup workflow for EFS.

Encryption of data at rest can only be enabled during file system creation. Encryption of data in transit is configured when mounting your file system

enter image description here

Reference

Encryption at Rest

Related

Run a batch file on remote servers
enabling jumbo frames on an iSCSI network after the fact
How to slave real-time data from two MySQL sources merging in to one MySQL destination?
Cannot mount /dev/sdc1 on Debian 5.0, special device /dev/sdc1 doesn't exist
Is there a way to force group membership changes to be refreshed on clients?
Drawbacks of a single drive split into partitions and partitions joined into a ZFS raidz1, vs. single drive ZFS with data duplication?
Configuring DHCP on RHEL 6
NFS exporting a directory that's already NFS mounted (on the server)
Extend Raid5 with a new HD (HP DL380 G3)
The use of external journals on SSDs
Apache SSL Proxy can't find client certificate?
Is this hard disk dead?