Ensure that the root block device has encryption enabled
With Amazon EBS encryption, you aren't required to build, maintain, and secure your own key management infrastructure. It also ensures that the data is encrypted at rest and in transit between EBS and EC2.
Risk Level: High
Cloud Entity: Amazon EC2 Instance
CloudGuard Rule ID: D9.CFT.CRY.10
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
AWS_EC2_Instance should have BlockDeviceMappings contain-all [ Ebs.Encrypted='true' ]
REMEDIATION
From CFT
Set Ebs.Encrypted to true in the BlockDeviceMappings array of the AWS::EC2::Instance resource.
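As an added example (not part of the CloudGuard rule page or its GSL engine), a small Python checker that applies the GSL logic above to a constructed CloudFormation template, showing the non-compliant block device mapping beside the remediated one. Resource names, the AMI id and the device name are placeholders.

```python
import json

# Constructed sample template (JSON form of a CloudFormation template) with one
# instance that fails the rule and one that has been remediated; ids are placeholders.
TEMPLATE = r'''{
  "Resources": {
    "AppServerWeak": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-EXAMPLE",
        "BlockDeviceMappings": [
          {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 8}}
        ]
      }
    },
    "AppServerFixed": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-EXAMPLE",
        "BlockDeviceMappings": [
          {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 8, "Encrypted": true}}
        ]
      }
    }
  }
}'''

def mapping_is_encrypted(mapping):
    """True only when the mapping has an Ebs block with Encrypted set; the boolean
    and the string "true" are both accepted, matching the GSL comparison above."""
    ebs = mapping.get("Ebs")
    if not isinstance(ebs, dict):
        return False  # ephemeral / NoDevice mappings carry no EBS encryption flag
    return ebs.get("Encrypted") in (True, "true")

def find_unencrypted_instances(template_text):
    """Return logical ids of AWS::EC2::Instance resources that violate
    'BlockDeviceMappings contain-all [ Ebs.Encrypted=true ]'. An instance with no
    mappings is reported too (assumption: the root volume then just inherits the AMI)."""
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Instance":
            continue
        mappings = resource.get("Properties", {}).get("BlockDeviceMappings", [])
        if not mappings or not all(mapping_is_encrypted(m) for m in mappings):
            findings.append(logical_id)
    return findings
```

Running `find_unencrypted_instances(TEMPLATE)` reports only `AppServerWeak`; adding `"Encrypted": true` to its mapping, as the remediation describes, clears the finding.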
References
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html
- https://aws.amazon.com/premiumsupport/knowledge-center/cloudformation-root-volume-property/
Amazon EC2 Instance
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers.
Compliance Frameworks
- AWS CloudFormation ruleset
Updated about 1 year ago