Given an existing unencrypted AWS EFS volume, can somebody give me a path for encrypting it without data loss?

We have discovered that we really ought to have encrypted the MySql database and EFS volume on our application, at the time of creation. We are now attempting to correct the oversight.

I've read the Amazon document about converting a database from unencrypted to encrypted, as well as the ServerFault thread about changing encryption keys.

What would be the best and most practical way to do something similar for the EFS volume?

(And is anybody aware of any ways to improve the process on the database side?)


The easiest option for EFS may be to create a new volume and copy the data over.

The steps for RDS you linked to seem reasonable. You could also create a new database then use MySQL tools to copy the data over, then reconfigure the application to use the new database.

Take backups / snapshots before you do anything.