AWS-EC2-EBS-Encryption-Enabled

Severity: High

Description: This control ensures that we encrypt the EBS volumes with customer managed master keys in all regions. After a volume attaches to an instance, it can be used as a physical hard drive. EBS volumes are flexible. Customer Managed Keys (CMKs), which are generated by the customer, are preferred because they allow the user to manage the key material.

Remediation Steps:

Perform the following to update encryption for EBS:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, click Volumes in the Resources section.

  4. Click the Create Volume button.

  5. Check the Encryption check box.

  6. In the Master Key selection, select the customer-created KMS key.

  7. Proceed with the remaining volume creation process as usual.
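To find existing volumes that do not meet this control, the following added example (not part of the original page) classifies volumes from EC2 `DescribeVolumes` output using the `KeyManager` field that KMS `DescribeKey` returns. The sample volumes, key ARNs, function names and result labels are constructed for illustration; `collect_region` assumes boto3 and read-only credentials and is not needed for the offline sample.

```python
# Added example: classify EBS volumes against the CMK-encryption control.
SAMPLE_VOLUMES = [  # constructed sample, shaped like DescribeVolumes["Volumes"]
    {"VolumeId": "vol-0aaa", "Encrypted": False},
    {"VolumeId": "vol-0bbb", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/aws-managed-example"},
    {"VolumeId": "vol-0ccc", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/customer-example"},
    {"VolumeId": "vol-0ddd", "Encrypted": True,
     "KmsKeyId": "arn:aws:kms:us-east-1:444455556666:key/other-account-example"},
]
SAMPLE_KEY_MANAGERS = {  # constructed: key ARN -> KeyMetadata.KeyManager
    "arn:aws:kms:us-east-1:111122223333:key/aws-managed-example": "AWS",
    "arn:aws:kms:us-east-1:111122223333:key/customer-example": "CUSTOMER",
}

def classify_volume(volume, key_managers):
    """Return PASS or a FAIL reason for one DescribeVolumes entry."""
    if not volume.get("Encrypted"):
        return "FAIL_UNENCRYPTED"
    manager = key_managers.get(volume.get("KmsKeyId"))
    if manager == "CUSTOMER":
        return "PASS"
    if manager == "AWS":
        return "FAIL_AWS_MANAGED_KEY"
    return "FAIL_KEY_UNKNOWN"  # key could not be described (other account, deleted)

def evaluate(volumes, key_managers):
    """Map each volume ID to its result."""
    return {v["VolumeId"]: classify_volume(v, key_managers) for v in volumes}

def collect_region(region):
    """Live collection for one region; repeat per region to cover all regions."""
    import boto3  # imported lazily so the offline sample runs without it
    from botocore.exceptions import ClientError
    ec2 = boto3.client("ec2", region_name=region)
    kms = boto3.client("kms", region_name=region)
    volumes, managers = [], {}
    for page in ec2.get_paginator("describe_volumes").paginate():
        volumes.extend(page["Volumes"])
    for arn in {v["KmsKeyId"] for v in volumes if v.get("KmsKeyId")}:
        try:
            managers[arn] = kms.describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"]
        except ClientError:
            pass  # left unresolved, so the volume reports FAIL_KEY_UNKNOWN
    return volumes, managers

if __name__ == "__main__":
    for vol_id, result in evaluate(SAMPLE_VOLUMES, SAMPLE_KEY_MANAGERS).items():
        print(vol_id, result)
```

A volume encrypted with an AWS managed key still fails here, because the control asks specifically for a customer managed key.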

Important:

Reference :


Blue Hexagon Proprietary