Posted On: Jun 25, 2019

We are excited to announce the capability to launch Encrypted EBS backed EC2 instances from unencrypted AMIs in AWS China (Beijing) Region operated by Sinnet, and AWS China (Ningxia) Region operated by NWCD. 

You can now launch an encrypted Amazon Elastic Block Store (EBS) backed Amazon Elastic Compute Cloud (EC2) instance from any unencrypted Amazon Machine Image (AMI), such as an AWS community or marketplace AMI with a single API call. 

Previously, to launch an encrypted EBS backed instance from an unencrypted AMI, you first made an encrypted copy of the same AMI in each of your accounts. Now, with a single API call you can launch an encrypted instance without needing to make an encrypted copy of the AMI. This simplifies your process to launch instances with encrypted volumes and reduces your associated AMI storage costs. Similarly, you can also create encrypted EBS volumes directly from unencrypted snapshots by specifying encryption properties in your CreateVolume command, without needing to make additional snapshot copies. 

To get started, see the technical documentation on launching encrypted instances from unencrypted AMIs. These features are now available through the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs at no extra charge in all commercial regions.