Posted On: May 10, 2019
You can now launch an encrypted Amazon Elastic Block Store (EBS) backed Amazon Elastic Compute Cloud (EC2) instance from any unencrypted Amazon Machine Image (AMI), such as an AWS community or marketplace AMI with a single API call.
Previously, to launch an encrypted EBS backed instance from an unencrypted AMI, you first made an encrypted copy of the same AMI in each of your accounts. Now, with a single API call you can launch an encrypted instance without needing to make an encrypted copy of the AMI. This simplifies your process to launch instances with encrypted volumes and reduces your associated AMI storage costs. Similarly, you can also create encrypted EBS volumes directly from unencrypted snapshots by specifying encryption properties in your CreateVolume command, without needing to make additional snapshot copies.
To get started, see the technical documentation on launching encrypted instances from unencrypted AMIs. These features are now available through the AWS Management Console, AWS Command Line Interface (CLI), or AWS SDKs at no extra charge in AWS GovCloud and all commercial AWS regions except China.