With encryption enabled, your EBS volumes can safely hold sensitive and critical data. EBS encryption and decryption are handled transparently and require no additional action from you, your server instance, or your application.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When dealing with production data that is crucial to your business, it is highly recommended to implement encryption in order to protect it from attackers or unauthorized personnel. With Elastic Block Store encryption enabled, the data stored on the volume, the disk I/O, and the snapshots created from the volume are all encrypted. The EBS encryption keys use the AES-256 algorithm and are entirely managed and protected by the AWS key management infrastructure, through AWS Key Management Service (AWS KMS).
Case A: to determine if your EBS volumes are encrypted, perform the following:
Case B: to determine if your EBS snapshots are encrypted, perform the following:
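One way to run the Case A and Case B checks offline against saved AWS CLI output, as an added example that is not part of the Cloud Conformity procedure. It assumes the JSON shape returned by `aws ec2 describe-volumes` and `aws ec2 describe-snapshots --owner-ids self`; all resource IDs are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes` output.
VOLUMES = json.loads("""{"Volumes": [
 {"VolumeId": "vol-0aaa1111", "Encrypted": true, "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/example",
  "State": "in-use", "Attachments": [{"InstanceId": "i-0aaa1111"}]},
 {"VolumeId": "vol-0bbb2222", "Encrypted": false, "State": "in-use",
  "Attachments": [{"InstanceId": "i-0bbb2222"}]},
 {"VolumeId": "vol-0ccc3333", "State": "available", "Attachments": []}
]}""")

# Constructed sample in the shape of `aws ec2 describe-snapshots --owner-ids self` output.
SNAPSHOTS = json.loads("""{"Snapshots": [
 {"SnapshotId": "snap-0aaa1111", "VolumeId": "vol-0aaa1111", "Encrypted": true},
 {"SnapshotId": "snap-0bbb2222", "VolumeId": "vol-0bbb2222", "Encrypted": false},
 {"SnapshotId": "snap-0ddd4444", "VolumeId": "vol-0ddd4444", "Encrypted": false}
]}""")


def unencrypted_volumes(doc):
    """Case A: volumes whose Encrypted flag is not exactly true (a missing flag fails)."""
    findings = []
    for vol in doc.get("Volumes", []):
        if vol.get("Encrypted") is True:
            continue
        findings.append({
            "VolumeId": vol["VolumeId"],
            "AttachedTo": [a["InstanceId"] for a in vol.get("Attachments", [])],
        })
    # Attached volumes first: they hold live data and re-creating them needs downtime.
    return sorted(findings, key=lambda f: (not f["AttachedTo"], f["VolumeId"]))


def unencrypted_snapshots(doc, known_volume_ids):
    """Case B: unencrypted snapshots, noting whether the source volume still exists."""
    findings = []
    for snap in doc.get("Snapshots", []):
        if snap.get("Encrypted") is True:
            continue
        findings.append({
            "SnapshotId": snap["SnapshotId"],
            "SourceVolumeExists": snap.get("VolumeId") in known_volume_ids,
        })
    return findings


if __name__ == "__main__":
    ids = {v["VolumeId"] for v in VOLUMES["Volumes"]}
    print(json.dumps({"volumes": unencrypted_volumes(VOLUMES),
                      "snapshots": unencrypted_snapshots(SNAPSHOTS, ids)}, indent=2))
```

Snapshots whose source volume no longer exists are still reported, since an unencrypted snapshot can be restored or shared long after its volume is deleted.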
To enable encryption on your existing EBS volumes and snapshots, you need to re-create them and turn the encryption feature on. This can be done by performing the following: