Ensure that EBS volume has encryption enabled
With Amazon EBS encryption, you aren't required to build, maintain, and secure your own key management infrastructure. It also ensures that the data is encrypted at rest and during transit from EBS to EC2.
Risk Level: High
Cloud Entity: Amazon Elastic Block Storage (EBS)
CloudGuard Rule ID: D9.CFT.CRY.11
Covered by Spectral: Yes
Category: Storage
GSL LOGIC
AWS_EC2_Volume should have Encrypted=true
REMEDIATION
From CFT
Set the AWS::EC2::Volume Encrypted property to 'true'.
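A pre-deployment check in the spirit of the GSL rule above, written for JSON-format CloudFormation templates. This is an added example, not CloudGuard's or Spectral's own implementation. The sample template, the function names, the 'unresolved' result for intrinsic functions, and the treatment of a missing property as a failure are all assumptions.

```python
import json

# Constructed sample template (not from the page): volumes covering the
# cases a template reviewer meets in practice.
TEMPLATE = json.loads("""
{
  "Parameters": {"EncryptVolumes": {"Type": "String", "Default": "false"}},
  "Resources": {
    "GoodVolume":   {"Type": "AWS::EC2::Volume",
                     "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a", "Encrypted": true}},
    "StringVolume": {"Type": "AWS::EC2::Volume",
                     "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a", "Encrypted": "true"}},
    "PlainVolume":  {"Type": "AWS::EC2::Volume",
                     "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a"}},
    "ParamVolume":  {"Type": "AWS::EC2::Volume",
                     "Properties": {"Size": 100, "AvailabilityZone": "us-east-1a",
                                    "Encrypted": {"Ref": "EncryptVolumes"}}},
    "Bucket":       {"Type": "AWS::S3::Bucket"}
  }
}
""")


def classify(value):
    """Return 'pass', 'fail' or 'unresolved' for an Encrypted property value."""
    if value is True or (isinstance(value, str) and value.lower() == "true"):
        return "pass"
    if isinstance(value, dict):
        # Intrinsic function (Ref, Fn::If, ...): only known at deploy time,
        # so flag it for manual review instead of guessing.
        return "unresolved"
    # Assumption: a missing property fails, since the rule wants an explicit true.
    return "fail"


def check_template(template):
    """Map each AWS::EC2::Volume logical ID to its finding."""
    findings = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Volume":
            continue
        props = resource.get("Properties") or {}
        findings[logical_id] = classify(props.get("Encrypted"))
    return findings


if __name__ == "__main__":
    for name, result in check_template(TEMPLATE).items():
        print(f"{name}: {result}")
```

YAML templates that use short-form tags such as !Ref need a CloudFormation-aware loader before this check can be applied to them.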
References
- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-ebs-volume.html#cfn-ec2-ebs-volume-encrypted
- https://docs.aws.amazon.com/cli/latest/reference/ec2/create-volume.html
Amazon Elastic Block Storage (EBS)
Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability. Amazon EBS volumes offer the consistent and low-latency performance needed to run your workloads. With Amazon EBS, you can scale your usage up or down within minutes, all while paying a low price for only what you prov
Compliance Frameworks
- AWS CloudFormation ruleset
Updated about 1 year ago