Severity: HIGH
Source: Trivy
ID: AVD-AWS-0026

EBS volumes must be encrypted

Enabling encryption on an EBS volume protects the data at rest on the volume, the disk I/O between the instance and the volume, and any snapshots derived from it, so the contents cannot be read if the storage or traffic is intercepted.

Impact

Unencrypted sensitive data is vulnerable to compromise.

Follow the appropriate remediation steps below to resolve the issue.

Enable encryption of EBS volumes (CloudFormation)

Resources:
  GoodExample:
    Type: AWS::EC2::Volume
    Properties:
      Size: 100
      Encrypted: true
      KmsKeyId: "alias/volumeEncrypt"
    DeletionPolicy: Snapshot
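The same condition the rule enforces, written as a small static check over a CloudFormation template. This is an added example, not Trivy's own implementation; the template and the parameter name EncryptVolumes are constructed for illustration, and a value that cannot be resolved statically (a Ref or Fn::If) is conservatively reported as failing.

```python
"""Audit a CloudFormation template for AVD-AWS-0026:
every AWS::EC2::Volume must set Encrypted: true."""
import json


def is_volume_encrypted(properties: dict) -> bool:
    """True only when Encrypted is a literal true (bool or string).
    Intrinsic functions such as {"Ref": ...} cannot be evaluated here,
    so they are treated as not proven encrypted."""
    value = properties.get("Encrypted", False)
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def find_unencrypted_volumes(template: dict) -> list:
    """Logical IDs of AWS::EC2::Volume resources that fail the check."""
    failing = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Volume":
            continue
        if not is_volume_encrypted(resource.get("Properties", {})):
            failing.append(logical_id)
    return failing


# Constructed template (JSON form of a CloudFormation document): one
# compliant volume, one with no Encrypted key, one whose value is a Ref,
# and an unrelated resource that the check must ignore.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodExample": {"Type": "AWS::EC2::Volume",
      "Properties": {"Size": 100, "Encrypted": true,
                     "KmsKeyId": "alias/volumeEncrypt"}},
    "BadExample": {"Type": "AWS::EC2::Volume",
      "Properties": {"Size": 100}},
    "UnknownExample": {"Type": "AWS::EC2::Volume",
      "Properties": {"Size": 20, "Encrypted": {"Ref": "EncryptVolumes"}}},
    "Bucket": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}
""")

if __name__ == "__main__":
    for logical_id in find_unencrypted_volumes(SAMPLE_TEMPLATE):
        print(f"AVD-AWS-0026 HIGH: {logical_id} is not encrypted")
```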

Enable encryption of EBS volumes (Terraform)

resource "aws_ebs_volume" "good_example" {
  availability_zone = "us-west-2a"
  size              = 40

  tags = {
    Name = "HelloWorld"
  }
  encrypted = true
}