Encrypting AWS EC2 Root Volumes (EBS)
You cannot encrypt the root volume of a standard Amazon provided EC2 / EBS volume.
You can take a snapshot of the volume, make an encrypted copy and use that copy to create a custom AMI with it, and encrypt it then.
Moving Non-Root Volumes to a New Availability Zone
- Take a snapshot of the EBS volume that you want to move
- Create a new volume and specify the new availability zone when creating it
- Mount the copy to an EC2 instance in the new AZ
Note: you cannot mount an EBS volume to an EC2 instance that exists in a different AZ – in other words, EBS volumes used by an EC2 instance must exist in the same AZ as the EC2 instance.