AWS-EC2-EBS-Encrypted-Snapshots

Severity: High

Description: This control ensures that EBS snapshots are encrypted with customer managed master keys in all regions. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data.
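
One way to evaluate this control offline, as an added example that is not part of the original control text or the vendor's own code. It reads records with the Encrypted and KmsKeyId fields of EC2 DescribeSnapshots output and the KeyManager value of KMS DescribeKey output; the function names, snapshot IDs, account number and key ARNs are constructed for illustration.

```python
# Constructed sample data shaped like EC2 DescribeSnapshots output, keyed by
# region. Every ID, account number and key ARN below is made up.
CMK = "arn:aws:kms:us-east-1:111122223333:key/constructed-customer-key"
AWS_KEY = "arn:aws:kms:us-east-1:111122223333:key/constructed-aws-managed-key"
UNKNOWN = "arn:aws:kms:eu-west-1:111122223333:key/constructed-unresolved-key"
SNAPSHOTS_BY_REGION = {
    "us-east-1": [
        {"SnapshotId": "snap-0aaa", "Encrypted": True, "KmsKeyId": CMK},
        {"SnapshotId": "snap-0bbb", "Encrypted": True, "KmsKeyId": AWS_KEY},
        {"SnapshotId": "snap-0ccc", "Encrypted": False},
    ],
    "eu-west-1": [
        {"SnapshotId": "snap-0ddd", "Encrypted": True, "KmsKeyId": UNKNOWN},
    ],
}
# Constructed map of key ARN -> KeyMetadata.KeyManager from KMS DescribeKey.
KEY_MANAGER = {CMK: "CUSTOMER", AWS_KEY: "AWS"}


def evaluate_snapshot(snapshot, key_manager):
    """Return (compliant, reason) for one snapshot record."""
    if not snapshot.get("Encrypted"):
        return False, "not encrypted"
    manager = key_manager.get(snapshot.get("KmsKeyId"))
    if manager is None:
        # Fail closed: a key we could not describe is not proven customer managed.
        return False, "key manager unknown"
    if manager != "CUSTOMER":
        return False, "encrypted with AWS managed key"
    return True, "encrypted with customer managed key"


def find_violations(snapshots_by_region, key_manager):
    """List (region, snapshot_id, reason) for every non-compliant snapshot."""
    violations = []
    for region, snapshots in sorted(snapshots_by_region.items()):
        for snap in snapshots:
            compliant, reason = evaluate_snapshot(snap, key_manager)
            if not compliant:
                violations.append((region, snap["SnapshotId"], reason))
    return violations


if __name__ == "__main__":
    for region, snap_id, reason in find_violations(SNAPSHOTS_BY_REGION, KEY_MANAGER):
        print(f"{region}\t{snap_id}\t{reason}")
```

An encrypted snapshot still fails the check when its key is AWS managed or cannot be resolved, which is the distinction this control draws beyond plain encryption.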

Remediation Steps:

Perform the following to update encryption for EBS snapshots:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com as root user.

  2. Navigate to the EC2 console.

  3. In the navigation pane, click Volumes in the Resources section.

  4. Click the Create Volume button.

  5. Check the Encryption check box.

  6. In the Master Key selection, select the customer-created KMS key.

  7. Proceed with the remaining process of volume creation as usual.

Important:

Reference:

Blue Hexagon Proprietary