---
title: EBS volume encryption disabled
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: >-
  Docs > Datadog Security > Code Security > Infrastructure as Code (IaC)
  Security > IaC Security Rules > EBS volume encryption disabled
---

# EBS volume encryption disabled

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). ().
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `cc997676-481b-4e93-aa81-d19f8c5e9b12`

**Cloud Provider:** AWS

**Platform:** Terraform

**Severity:** High

**Category:** Encryption

#### Learn More{% #learn-more %}

- [Provider Reference](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume#encrypted)

### Description{% #description %}

This check verifies that Amazon Elastic Block Store (EBS) volumes have encryption enabled. EBS volumes store data in an unencrypted format by default, which could expose sensitive information if the volume is compromised. When encryption is enabled, all data stored at rest on the volume, disk I/O, and snapshots created from the volume are encrypted, providing an additional layer of data protection. To enable encryption, set the `encrypted` parameter to `true` in your EBS volume configuration. For example: `resource "aws_ebs_volume" "secure_example" { availability_zone = "us-west-2a", size = 40, encrypted = true }`. Leaving encryption disabled can lead to data exposure risks and may violate compliance requirements for sensitive data protection.

## Compliant Code Examples{% #compliant-code-examples %}

```terraform
resource "aws_ebs_volume" "negative1" {
  availability_zone = "us-west-2a"
  size              = 40
  encrypted         = true

  tags = {
    Name = "HelloWorld"
  }
}
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```terraform
resource "aws_ebs_volume" "positive2" {
  availability_zone = "us-west-2a"
  size              = 40

  tags = {
    Name = "HelloWorld"
  }
}
```

```terraform
resource "aws_ebs_volume" "positive1" {
  availability_zone = "us-west-2a"
  size              = 40
  encrypted         = false

  tags = {
    Name = "HelloWorld"
  }
}
```