Encrypt Instance Store volumes on AWS

For this, I have created a shell script to fully automate this and can be used as user-data bash shell script.


Copy the below script and run it on your Linux machine:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
#!/bin/bash
 
YUM_CMD=$(which yum)
APT_GET_CMD=$(which apt-get)

encryptEphemeral() {
  for i in sha256 dm_crypt xfs; do
    sudo modprobe $i
    echo $i | sudo tee -a /etc/modules
  done
  
  sudo umount /media/ephemeral0
  sudo chmod 000 /media/ephemeral0
  
  # Enter a passphrase below (the key file will be removed later):
  echo "Cl0ud#9090" > /root/keyfile.pem
  
  cryptsetup luksFormat /dev/xvdb < /root/keyfile.pem
  cryptsetup luksOpen /dev/xvdb my_enc_fs < /root/keyfile.pem
  rm -f /root/keyfile.pem
  
  mkfs.ext4 -m 0 /dev/mapper/my_enc_fs
  mkdir /encrypted_vol
  
  mount -vvv /dev/mapper/my_enc_fs /encrypted_vol > /tmp/mount-logs.log 2>&amp;1
  cryptsetup status my_enc_fs >> /tmp/mount-logs.log
}
 
if [[ ! -z $YUM_CMD ]]; then
  yum install -y cryptsetup xfsprogs
  encryptEphemeral
elif [[ ! -z $APT_GET_CMD ]]; then
  apt-get update; apt-get install -y cryptsetup xfsprogs
  encryptEphemeral
else
 echo "error can't install package $PACKAGE"
 exit 1;
fi

Logs are also generated for the above script to debug any issues.

Feel free to comment.
amazon web services aws cloud linux ubuntu ec2 centos password cryptsetup encryption passphrase redhat unix
© 2024 Varun Chandak, Powered by Aloha and Hexo.