{"id":350,"date":"2015-06-30T13:18:32","date_gmt":"2015-06-30T20:18:32","guid":{"rendered":"http:\/\/infinitedisorder.com\/?p=350"},"modified":"2015-06-30T13:19:15","modified_gmt":"2015-06-30T20:19:15","slug":"creating-a-ubuntu-opsworks-ami-with-an-encrypted-volume","status":"publish","type":"post","link":"https:\/\/infinitedisorder.com\/?p=350","title":{"rendered":"Creating an Ubuntu OpsWorks AMI with an encrypted volume"},"content":{"rendered":"<p>Amazon says that drive encryption in OpsWorks is on the roadmap. In the meantime they suggest creating a drive in EC2, adding it to resources, then mapping it to an instance.<\/p>\n<p>For my automation, I much prefer to have an AMI with an encrypted volume attached:<\/p>\n<p>1. Created an instance in OpsWorks, with no application recipes<br \/>\n2. Cleaned out the OpsWorks data from the instance <a class=\"external-link\" href=\"http:\/\/docs.aws.amazon.com\/opsworks\/latest\/userguide\/workinginstances-custom-ami.html\" rel=\"nofollow\">http:\/\/docs.aws.amazon.com\/opsworks\/latest\/userguide\/workinginstances-custom-ami.html<\/a><br \/>\n3. Created an encrypted volume, mounted it elsewhere, created an ext3 filesystem<br \/>\n4. Added the mount command to \/etc\/rc.local (mount \/dev\/xvdh \/storage\/)<br \/>\n5. Shut down the OpsWorks instance via OpsWorks<br \/>\n6. Created a snapshot of the 100 GB volume<br \/>\n7. Attached the volume to the instance and specified the snapshot (snap-6ed57648)<br \/>\n8. Created the AMI &#8220;encrypted-disks-ubu1204-4&#8221;<br \/>\n9. Created a new instance in the scout layer and another new instance in a blank layer, both using the new AMI<br \/>\n10. Verified that the applicable volumes are encrypted<br \/>\n11. Started the instance in OpsWorks<\/p>\n<p>Note: don&#8217;t forget that you can&#8217;t share encrypted volumes with other accounts; the encryption key is only accessible from your account.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Amazon says that drive encryption in OpsWorks is on the roadmap.
In the meantime they suggest creating a drive in EC2, adding it to resources, then mapping it to an instance. For my automation, I much prefer to have an AMI with an encrypted volume attached: 1. Created an instance in OpsWorks, with no application recipes 2. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-350","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=\/wp\/v2\/posts\/350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=350"}],"version-history":[{"count":2,"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=\/wp\/v2\/posts\/350\/revisions"}],"predecessor-version":[{"id":352,"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=\/wp\/v2\/posts\/350\/revisions\/352"}],"wp:attachment":[{"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infinitedisorder.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}