EBS volume encrypted
More Info:
Ensure EBS volumes are encryptedRisk Level
HighAddress
SecurityCompliance Standards
HITRUST, AWSWAF, CISAWS, CBP, SOC2, GDPR, PCIDSSTriage and Remediation
Remediation
Using Console
Using Console
- Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
- From the navigation bar, select the Region.
- From the navigation pane, select EC2 Dashboard.
- In the upper-right corner of the page, choose Account Attributes, Data protection and security.
- Choose Manage.
- Select Enable. You keep the AWS managed key with the alias alias/aws/ebs created on your behalf as the default encryption key, or choose a symmetric customer managed encryption key.
- Choose Update EBS encryption.
Using CLI
Using CLI
- To view the encryption by default setting
a. For a specific Region
b.For all Regions in your account
- To enable encryption by default
a. For a specific Region
b. For all Regions in your account
Using Python
Using Python
To enable encryption by default for a region using Python, you can use the Replace
boto3 library to interact with AWS resources. Here’s a Python script equivalent to the steps mentioned:'your-region' with the AWS region where you want to enable default encryption. You can find a list of AWS region codes here.Make sure you have appropriate AWS credentials configured either through environment variables, AWS CLI configuration, or IAM roles assigned to your EC2 instance if you’re running this script on an EC2 instance.