Migrating data from an encrypted EBS volume to an unencrypted EBS volume
Last updated
When you create an encrypted EBS resource, it is encrypted by your account's default key for EBS encryption unless you specify a different customer managed CMK in the volume creation parameters or the block device mapping for the AMI or instance.
Assuming you still have a running EC2 instance that has access to the encrypted volume and also has an unencrypted volume attached, you can migrate the data from the encrypted volume to the unencrypted volume.
You can freely transfer data between them and EC2 carries out the encryption and decryption operations transparently.
For example, use the rsync command to copy the data.
In the following command, the source data is located in /mnt/source and the destination volume is mounted at /mnt/destination:
[ec2-user ~]$ sudo rsync -avh --progress /mnt/source/ /mnt/destination/
This way, even if you lose the CMK used to encrypt the original EBS volume, you can still recover the data and copy it to another volume without encryption, as long as the instance is still running with the encrypted volume attached.
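Because the encrypted volume may become unreadable once it is detached, the copy should be verified before anything else is changed. The script below is an added example, not part of the original page: it compares per-file SHA-256 manifests of the two mount points. The function names tree_manifest and verify_migration are hypothetical, and GNU find, sort, xargs and sha256sum are assumed.

```shell
#!/usr/bin/env bash
# Added example: verify an rsync migration by comparing SHA-256 manifests
# of the source (encrypted) and destination (unencrypted) mount points.
# Function names are hypothetical; GNU coreutils/findutils are assumed.

# tree_manifest DIR
# Print "<sha256>  <relative path>" for every regular file under DIR,
# sorted by path so two manifests can be compared line by line.
tree_manifest() {
    (cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum)
}

# verify_migration SRC DST
# Return 0 when both trees hold the same files with identical content.
# Otherwise write a unified diff of the manifests to stderr and return 1.
verify_migration() {
    local src=$1 dst=$2 src_list dst_list rc=0
    src_list=$(mktemp)
    dst_list=$(mktemp)
    tree_manifest "$src" > "$src_list"
    tree_manifest "$dst" > "$dst_list"
    if ! diff -u "$src_list" "$dst_list" >&2; then
        rc=1
    fi
    rm -f "$src_list" "$dst_list"
    return "$rc"
}

# When called with two arguments, e.g. /mnt/source /mnt/destination,
# run the check and report the result.
if [ "$#" -eq 2 ]; then
    if verify_migration "$1" "$2"; then
        echo "OK: $2 matches $1"
    else
        echo "MISMATCH: do not detach the encrypted volume yet" >&2
        exit 1
    fi
fi
```

Run it with sudo against /mnt/source and /mnt/destination so that files readable only by root are included in both manifests.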