Encrypting SoftNAS root volume

Symptoms

By default SoftNAS do not ship an encrypted AMI, but we support the encrypted AMIs our customers create based on our AMIs

Purpose

You want to create an AMI with an Encrypted EBS root volume which can be used to deploy multiple SoftNAS instances in your AWS cloud environment without having the need to do it manually on each new deployment

Resolution

Please follow the AWS instructions below:

  1. Launch a SoftNAS AMI from the Community or Market Place as you normally would
  2. Next, ssh into the instance and delete this file --> /etc/udev/rules.d/70-persistent-net.rules
  3. Next, Shutdown the instance
  4. Detach current root volume
  5. Create a snapshot of the detached root volume
  6. Create a new volume from the snapshot with "Encryption" enabled. NOTE: be sure to select the same AZ your instance in on and check the Encryption button! then select the default master key ((default) aws/ebs)

  7. Attach the newly created root Volume with EBS encryption to the instance as /dev/sda1

  8. Create AMI image of the instance (named something like Encrypted SoftNAS AMI)
  9. After creating the new AMI is done, create a new instance with the "Encrypted SoftNAS AMI"
  10. Now any instances created with this AMI will have the root volume encrypted.