How to encrypt your data at rest using Docker and AWS Elastic Beanstalk

Fabricio Pautasso
Dec 16, 2019

When you develop a healthcare application, one of the regulations that comes into play is HIPAA. One of its requirements is that data at rest must be encrypted.

In this post, we will go through how to encrypt our data at rest when running an application on an AWS Elastic Beanstalk environment using Docker.

Problem

Our dockerized application is deployed to an Elastic Beanstalk environment where the EBS volumes attached to the EC2 machines running the containers are not encrypted.

Solution

There are a couple of tutorials out there on how to enable encryption on a new EBS volume attached to an EC2 machine, such as:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html

https://cloudacademy.com/blog/how-to-encrypt-an-ebs-volume-the-new-amazon-ebs-encryption/

The issue we faced with these approaches is that, because we were using Docker, encrypting the EBS volume attached to the EC2 machine encrypted only the root volume (/dev/xvda), while the new volume that Docker generates when the container is deployed (/dev/xvdcz) was left unencrypted.

To fix the problem, follow these steps:

  1. Log in to the AWS Management Console and go to the EC2 section
  2. EC2 Dashboard → Settings
  3. Select Always encrypt new EBS volumes and save changes
  4. Go to the Elastic Beanstalk section and choose the application/environment you want to encrypt
  5. Click on Actions → Rebuild Environment

     This will terminate the current EC2 machine that is running your dockerized application, along with its related volumes. It will then create a new EC2 machine on which all created or attached volumes are encrypted.

  6. Go back to EC2 → EC2 Dashboard → Settings
  7. Disable the encryption enabled in step 3
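A read-only check for the result of the steps above, added here as an example and not code from the original post: it lists every EBS volume attached to the environment's running instances and fails if any of them, such as the Docker volume /dev/xvdcz, is unencrypted. It assumes the AWS CLI is configured with credentials and a region and that the instances carry Elastic Beanstalk's `elasticbeanstalk:environment-name` tag; the sample rows and volume IDs are constructed.

```sh
#!/bin/sh
# Added example: audit the EBS volumes behind an Elastic Beanstalk environment.
# Usage: sh audit.sh <environment-name>   (script name is hypothetical)

# Constructed sample of `describe-volumes --output text` rows
# (VolumeId, Device, Encrypted): root volume encrypted, Docker volume not.
sample_rows() {
  printf 'vol-0aaa1111\t/dev/xvda\tTrue\n'
  printf 'vol-0bbb2222\t/dev/xvdcz\tFalse\n'
}

# Keep only rows whose Encrypted column is not "true" (case-insensitive).
unencrypted_rows() {
  awk -F'\t' 'NF >= 3 && tolower($3) != "true" { print $1 "\t" $2 }'
}

# Print one row per volume attached to the environment's running instances.
env_volume_rows() (
  ids=$(aws ec2 describe-instances \
      --filters "Name=tag:elasticbeanstalk:environment-name,Values=$1" \
                "Name=instance-state-name,Values=running" \
      --query 'Reservations[].Instances[].InstanceId' --output text |
    tr -s '\t\n' ',,' | sed 's/,$//')
  [ -n "$ids" ] || exit 0
  aws ec2 describe-volumes \
    --filters "Name=attachment.instance-id,Values=$ids" \
    --query 'Volumes[].[VolumeId,Attachments[0].Device,Encrypted]' \
    --output text
)

# Exit 0 only if volumes were found and all are encrypted; 1 if any is
# unencrypted; 2 if nothing was found (fail closed instead of passing).
audit_env() (
  rows=$(env_volume_rows "$1")
  [ -n "$rows" ] || { echo "no volumes found for $1" >&2; exit 2; }
  bad=$(printf '%s\n' "$rows" | unencrypted_rows)
  [ -z "$bad" ] && exit 0
  printf 'Unencrypted volumes in %s:\n%s\n' "$1" "$bad" >&2
  exit 1
)

if [ "$#" -gt 0 ]; then
  printf 'Region default encryption: '
  aws ec2 get-ebs-encryption-by-default \
    --query EbsEncryptionByDefault --output text
  audit_env "$1"
fi
```

Encryption by default is a per-region setting that applies only when a volume is created, so after step 7 rerun the check whenever instances are replaced or the environment scales out.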

Written by Fabricio Pautasso, Software Engineer @ Nexton
