Encrypting existing EBS volume live


As far as I understood from the official AWS documents (about EBS encryption) and other sources on the internet, these are the steps by which we can encrypt an unencrypted EBS volume:

  1. Create a snapshot with encryption

  2. Create a volume from the encrypted volume

  3. Detach the old unencrypted volume

  4. Attach the newly created volume

  5. Terminate old volume

Steps 1 to 4 take some time, and if new data is added to our unencrypted volume, it causes data loss (data that was inserted since we created the new snapshot).

Consider the case where we have data being written to our EBS volume every second and we want to encrypt the data from now on.

How can we have 100% uptime & availability while encrypting?

Jordi Tanta Diaz

It all depends on what you store in your EBS. I recommend that you create a catalog of the objects written to your EBS. This catalog is saved on the same EBS and in an external database (Dynamo). When you generate the copy of the EBS in order to create an encrypted one, this copy will have a catalog of the objects written to it up to the moment the copy was generated. Then, when mounting it, it consults the external catalog and, with a script, synchronizes itself using the objects from the old EBS. Once the two are in sync, you can make the switch.
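
A sketch of the catalog-based sync this answer describes, added here as an illustration and not code from the answer's author. It assumes the volumes are mounted as ordinary directories, models the external catalog as an in-memory dict of path to SHA-256 (a stand-in for the external database), and recomputes the copy's catalog by hashing instead of reading a stored catalog file; all function names are hypothetical.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_catalog(root: Path) -> dict[str, str]:
    """Map each file's path (relative to the mount point) to its SHA-256."""
    return {p.relative_to(root).as_posix(): digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def pending_objects(external: dict[str, str], on_copy: dict[str, str]) -> list[str]:
    """Objects in the external catalog that are missing or stale on the copy."""
    return sorted(k for k, h in external.items() if on_copy.get(k) != h)

def sync(old_root: Path, new_root: Path, external: dict[str, str]) -> list[str]:
    """Copy the delta from the old volume, checking each object against the catalog."""
    copied = []
    for rel in pending_objects(external, build_catalog(new_root)):
        src, dst = old_root / rel, new_root / rel
        if digest(src) != external[rel]:
            # Source changed after it was catalogued: do not switch over yet.
            raise ValueError(f"{rel}: old volume does not match external catalog")
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        copied.append(rel)
    return copied

def demo() -> tuple[list[str], list[str]]:
    """Constructed scenario: writes land on the old volume after the copy is taken."""
    with tempfile.TemporaryDirectory() as tmp:
        old, new = Path(tmp, "old"), Path(tmp, "new")
        (old / "data").mkdir(parents=True)
        (old / "data" / "a.log").write_text("first\n")
        shutil.copytree(old, new)  # stand-in for snapshot + encrypted volume
        (old / "data" / "a.log").write_text("first\nsecond\n")  # modified after copy
        (old / "data" / "b.log").write_text("new object\n")     # created after copy
        external = build_catalog(old)  # stand-in for the external catalog
        copied = sync(old, new, external)
        return copied, pending_objects(external, build_catalog(new))

if __name__ == "__main__":
    print(demo())
```

The switch is only safe once `pending_objects` returns an empty list; objects deleted on the old volume after the copy are not handled here.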