EBS volume should be encrypted

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Description

Enable encryption for Elastic Block Store (EBS) by default in the region.

Rationale

AES-256 encryption, used by EBS, protects data stored on volumes, disk I/O, and the snapshots created from a volume to protect your sensitive data from exploits and unauthorized users.

Remediation

From the console

Follow the EBS encryption docs to learn about the requirements and methods for enabling encryption region-wide in the AWS Console.

From the command line

  1. Run enable-ebs-encryption-by-default to enable encryption for your account in the current region.
    aws ec2 enable-ebs-encryption-by-default \
    --region <INSERT-AWS-REGION>

See the Set encryption defaults using the API and CLI docs for additional commands related to EBS encryption.