Ensure that all your new Amazon EBS volumes are encrypted by default within the specified AWS cloud region in order to reach your data protection and compliance goals.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When working with EBS data that is crucial to your business, it is strongly recommended to implement encryption at rest in order to protect your data from attackers or unauthorized personnel. When the Encryption by Default feature is enabled, all new Amazon EBS volumes and copies of snapshots created in the specified region(s) are encrypted by default. If you implement Amazon IAM policies that require the use of encrypted EBS volumes, you can use this feature to avoid the launch failures that would occur if unencrypted volumes were inadvertently referenced when an instance is launched. In this case, your SecOps team can enable encryption by default without having to coordinate with your development team and without performing additional operational changes. Your new EBS volumes are encrypted with the AWS-managed master key, unless you specify a different key at launch time.
Note: Enabling this feature does not affect existing unencrypted Amazon EBS volumes.
To determine the Encryption by Default feature status for your Amazon EBS volumes in the specified AWS region, perform the following operations:
Remediation / Resolution
To enable encryption by default for your new Amazon EBS volumes, perform the following operations:
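The audit and the remediation described above can both be scripted with the AWS CLI. The script below is an added example, not Cloud Conformity's own procedure; the function names and the region arguments are assumptions, and it relies on the `aws ec2` subcommands `get-ebs-encryption-by-default`, `enable-ebs-encryption-by-default` and `get-ebs-default-kms-key-id`.

```bash
#!/usr/bin/env bash
# Added example: audit and optionally enable EBS Encryption by Default.
# Assumes the AWS CLI with credentials allowing ec2:GetEbsEncryptionByDefault,
# ec2:GetEbsDefaultKmsKeyId and, to remediate, ec2:EnableEbsEncryptionByDefault.
# The setting is per region, so every region in use has to be checked.

# Print "true" or "false" for one region; fail if the API call fails.
ebs_default_status() {
  local out
  out=$(aws ec2 get-ebs-encryption-by-default --region "$1" \
          --query 'EbsEncryptionByDefault' --output text) || return 1
  # Text output renders booleans as True/False; normalise the case.
  printf '%s\n' "$out" | tr '[:upper:]' '[:lower:]'
}

# usage: audit_ebs_default_encryption <yes|no> <region>...
# First argument "yes" enables the setting where it is off.
# Prints "<region> <status> <default KMS key>" per region and returns 1
# if any region still has the setting off or could not be checked.
audit_ebs_default_encryption() {
  local remediate region status key rc
  remediate="$1"; shift; rc=0
  for region in "$@"; do
    if ! status=$(ebs_default_status "$region"); then
      echo "$region error -"; rc=1; continue
    fi
    if [ "$status" != "true" ] && [ "$remediate" = "yes" ]; then
      aws ec2 enable-ebs-encryption-by-default --region "$region" >/dev/null &&
        status=$(ebs_default_status "$region")
    fi
    # alias/aws/ebs is the AWS-managed key unless a different default was set.
    key=$(aws ec2 get-ebs-default-kms-key-id --region "$region" \
            --query 'KmsKeyId' --output text) || key="unknown"
    echo "$region $status $key"
    [ "$status" = "true" ] || rc=1
  done
  return "$rc"
}

# Example: bash ebs-default.sh no us-east-1 eu-west-1
if [ "$#" -gt 0 ]; then
  audit_ebs_default_encryption "$@"
fi
```

Run it with `no` first to get a read-only report; the non-zero exit status makes it usable as a scheduled compliance check.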
You are auditing:
Enable Encryption by Default for EBS Volumes
Risk level: Medium