Encrypt at rest existing AWS EFS instances - is it possible?
Based on my understanding of AWS documentation it appears that the only way to encrypt at rest existing EFS instances with some data is to create new EFS instances with encryption enabled and copy the files from unencrypted EFS to encrypted EFS and alter mount points if any.
Can anybody confirm that is the case?
You are correct, EFS encryption of data at rest can only be enabled when creating the EFS instance. Below is the quote (and image) from the setup workflow for EFS.
Encryption of data at rest can only be enabled during file system creation. Encryption of data in transit is configured when mounting your file system
Reference
Encryption at Rest