EBS volume should be encrypted


Enable encryption for Elastic Block Store (EBS) by default in the region.


AES-256 encryption, used by EBS, protects data stored on volumes, disk I/O, and the snapshots created from a volume to protect your sensitive data from exploits and unauthorized users.


From the console

Follow the EBS encryption docs to learn about the requirements and methods for enabling encryption region-wide in the AWS Console.

From the command line

  1. Run enable-ebs-encryption-by-default to enable encryption for your account in the current region.
    aws ec2 enable-ebs-encryption-by-default \
    --region <INSERT-AWS-REGION>

See the Set encryption defaults using the API and CLI docs for additional commands related to EBS encryption.