Ensure that EBS volume has encryption enabled

With Amazon EBS encryption, you aren't required to build, maintain, and secure your own key management infrastructure. Also it ensures that the data is encrypted and rest and during transit from EBS to EC2.

Risk Level: High
Cloud Entity: Amazon Elastic Block Storage (EBS)
CloudGuard Rule ID: D9.CFT.CRY.11
Covered by Spectral: Yes
Category: Storage


AWS_EC2_Volume should have Encrypted=true


From CFT
Set AWS::EC2::Volume Encrypted property to 'true'


  1. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volume.html#cfn-ec2-ebs-volume-encrypted
  2. https://docs.aws.amazon.com/cli/latest/reference/ec2/create-volume.html

Amazon Elastic Block Storage (EBS)

Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes ��� all while paying a low price for only what you prov

Compliance Frameworks

  • AWS CloudFormation ruleset