As you learn AWS, you are kind of forced to pick up the linux command line along the way. Here, we are going to learn some fundamentals about mounting EBS volumes in linux, creating a file system, and encrypting the root volume.
To begin, launch an EC2 instance and ssh into it. Here is a helpful guide if you’ve never ssh’ed into an instance before.
Once you’ve ssh’ed into your EC2 instance, type in the linux command list block
next, we will create an EBS volume in the AWS console and then attach the volume to the EC2 instance.
Make sure to create the volume in the same availability zone as your EC2 instance. Otherwise, you won’t be able to attach the volume to the instance. This makes sense, because the computer’s hard drive has to be very close to it or else there will be too much latency.
After the volume has been attached to your instance, then we can see the volume in the terminal with the list block command:
The new volume is listed as “xvdf”. The next step is to view the file system of the volume. In our case, since this is a newly created volume, there will be no file system.
Note that the volume just says “data” which means it’s not formatted with any specific file system yet. To create a linux filesystem type the make file system command:
After the file system is created, you can check it once again and now see that the volume is formatted with a linux file system.
Now we will create a new directory “my_filesystem” and mount that directory to our new volume.
Encrypting EBS Volumes
There are two ways to encrypt volumes. Through the Operating System, or through the AWS console. To use the AWS console, you first have to create a snapshot of the EBS volume. Then you create a copy of the snapshot in the same region your EBS volume is currently in. In the settings of the copy snapshot, you will find there the option to encrypt the copy of the snapshot.
After the snapshot copy is created, you can then go on and create a new volume from that copied snapshot, which will be automatically encrypted since the snapshot copy is encrypted.