EBS volumes must be encrypted
Enabling encryption on an EBS volume protects the volume, its disk I/O and any snapshots derived from it from compromise if they are intercepted.
Impact
Unencrypted sensitive data is vulnerable to compromise.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Enable encryption of EBS volumes
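Resources:
  GoodExample:
    Type: AWS::EC2::Volume
    Properties:
      # A volume needs an Availability Zone to deploy.
      AvailabilityZone: us-west-2a
      Size: 100
      # Encrypt the volume with the KMS key behind this alias.
      Encrypted: true
      KmsKeyId: "alias/volumeEncrypt"
    DeletionPolicy: Snapshot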
Enable encryption of EBS volumes
resource "aws_ebs_volume" "good_example" {
  availability_zone = "us-west-2a"
  size              = 40
  tags = {
    Name = "HelloWorld"
  }
  encrypted = true
}
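To verify the remediation before deployment, the added example below (not part of the original page or of any scanner's own code) flags EBS volumes that are not explicitly encrypted in a Terraform plan exported with `terraform show -json` or in a CloudFormation template in JSON form. The function names and both sample documents are constructed for illustration.

```python
import json

# Constructed sample: trimmed `terraform show -json` output (not from the page).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_ebs_volume.good_example", "type": "aws_ebs_volume",
     "values": {"availability_zone": "us-west-2a", "size": 40, "encrypted": true}},
    {"address": "aws_ebs_volume.scratch", "type": "aws_ebs_volume",
     "values": {"availability_zone": "us-west-2a", "size": 10, "encrypted": false}}],
  "child_modules": [{"address": "module.db", "resources": [
    {"address": "module.db.aws_ebs_volume.data", "type": "aws_ebs_volume",
     "values": {"availability_zone": "us-west-2a", "size": 500}}]}]}}}
""")

# Constructed sample: CloudFormation template in its JSON form.
SAMPLE_TEMPLATE = {"Resources": {
    "GoodExample": {"Type": "AWS::EC2::Volume",
                    "Properties": {"Size": 100, "Encrypted": True}},
    "StringFlag": {"Type": "AWS::EC2::Volume",
                   "Properties": {"Size": 100, "Encrypted": "true"}},
    "NoFlag": {"Type": "AWS::EC2::Volume", "Properties": {"Size": 8}},
    "Bucket": {"Type": "AWS::S3::Bucket"}}}


def unencrypted_in_plan(plan):
    """Addresses of aws_ebs_volume resources not planned with encrypted = true."""
    found = []

    def walk(module):
        for res in module.get("resources", []):
            # An omitted or unknown `encrypted` is treated as a finding.
            if (res.get("type") == "aws_ebs_volume"
                    and res.get("values", {}).get("encrypted") is not True):
                found.append(res["address"])
        for child in module.get("child_modules", []):
            walk(child)  # volumes declared inside modules count too

    walk(plan.get("planned_values", {}).get("root_module", {}))
    return found


def unencrypted_in_template(template):
    """Logical IDs of AWS::EC2::Volume resources without Encrypted: true."""
    found = []
    for name, res in template.get("Resources", {}).items():
        enc = (res.get("Properties") or {}).get("Encrypted", False)
        # CloudFormation accepts "true" as a string; intrinsics stay flagged.
        if res.get("Type") == "AWS::EC2::Volume" and str(enc).lower() != "true":
            found.append(name)
    return found
```

A non-empty result from either function can be used to fail a CI step before the volumes are created.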