AWS-EC2-EBS-Encryption-Enabled

Severity: High

Description: This control ensures that we encrypt the EBS volumes with customer managed master keys in all regions. After a volume attaches to an instance, it can be used as a physical hard drive. EBS volumes are flexible. Customer Managed Keys (CMKs), which are generated by the customer, are preferred because they allow the user to manage the key material.
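
Added example (not part of the original control text or the vendor's implementation): one way to evaluate this control across regions from EC2 DescribeVolumes and KMS DescribeKey data. The function names, volume IDs, account ID and key ARNs are constructed for illustration, and the check goes slightly beyond the text by reporting AWS managed keys and unresolvable keys as separate failure reasons.

```python
# Constructed sample data shaped like EC2 DescribeVolumes output, keyed by region.
ARN = "arn:aws:kms:{}:111122223333:key/{}"  # constructed account ID and key names
SAMPLE_VOLUMES = {
    "us-east-1": [
        {"VolumeId": "vol-0aaa", "Encrypted": True, "KmsKeyId": ARN.format("us-east-1", "cmk")},
        {"VolumeId": "vol-0bbb", "Encrypted": True, "KmsKeyId": ARN.format("us-east-1", "aws")}],
    "eu-west-1": [
        {"VolumeId": "vol-0ccc", "Encrypted": False},
        {"VolumeId": "vol-0ddd", "Encrypted": True, "KmsKeyId": ARN.format("eu-west-1", "gone")}],
}
# Constructed map of key ARN -> KeyMetadata.KeyManager as returned by KMS DescribeKey.
SAMPLE_KEY_MANAGERS = {ARN.format("us-east-1", "cmk"): "CUSTOMER",
                       ARN.format("us-east-1", "aws"): "AWS"}

def classify(volume, key_managers):
    """Return PASS only for an encrypted volume whose key is customer managed."""
    if not volume.get("Encrypted"):
        return "FAIL_UNENCRYPTED"
    manager = key_managers.get(volume.get("KmsKeyId"))
    return {"CUSTOMER": "PASS", "AWS": "FAIL_AWS_MANAGED_KEY"}.get(manager, "FAIL_KEY_UNKNOWN")

def evaluate(volumes_by_region, key_managers):
    """List (region, volume id, status) for every non-compliant volume."""
    findings = []
    for region, volumes in sorted(volumes_by_region.items()):
        for vol in volumes:
            status = classify(vol, key_managers)
            if status != "PASS":
                findings.append((region, vol["VolumeId"], status))
    return findings

def collect(regions):
    """Live data via boto3 (assumes credentials with ec2:DescribeVolumes, kms:DescribeKey)."""
    import boto3
    from botocore.exceptions import ClientError
    volumes, managers = {}, {}
    for region in regions:
        ec2, kms = (boto3.client(s, region_name=region) for s in ("ec2", "kms"))
        pages = ec2.get_paginator("describe_volumes").paginate()
        volumes[region] = [v for page in pages for v in page["Volumes"]]
        for arn in {v["KmsKeyId"] for v in volumes[region] if v.get("KmsKeyId")}:
            try:
                managers[arn] = kms.describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"]
            except ClientError:
                pass  # unresolved key stays absent and is reported as FAIL_KEY_UNKNOWN
    return volumes, managers

if __name__ == "__main__":
    for finding in evaluate(SAMPLE_VOLUMES, SAMPLE_KEY_MANAGERS):
        print(*finding)
```

To run it against a real account, pass the result of collect() for the regions in scope to evaluate() instead of the sample data.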

Remediation Steps:

Perform the following to update encryption for EBS:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, click Volumes in the Resources section.

  4. Click the Create Volume button.

  5. Check the Encryption check box.

  6. In the Master Key selection, select the customer-created KMS key.

  7. Proceed with the remaining process of volume creation as usual.

Important:

Reference :

Blue Hexagon Proprietary