
EBS volume snapshot is not publicly shared with other AWS accounts

ebs

Description

Secure Amazon Elastic Block Store (EBS) snapshots.

Rationale

Publicly shared Amazon EBS volume snapshots can contain sensitive application data that any other AWS account can see, copy, and exploit.

Remediation

From the console

Follow the EBS encryption docs to learn how to implement EBS encryption. Public sharing is not supported for encrypted snapshots, including snapshots that are encrypted by default.

**Note**: You can share an encrypted snapshot with specific accounts.

From the command line

  1. Run `enable-ebs-encryption-by-default` to enable encryption for your account in the current region.

  2. Run `get-ebs-encryption-by-default` to confirm encryption is enabled.

See the Set encryption defaults using the API and CLI docs for additional commands related to EBS encryption.
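
To find the snapshots this rule flags, the sketch below classifies responses shaped like the output of `aws ec2 describe-snapshot-attribute --attribute createVolumePermission` as public, shared with specific accounts, or private, and builds the CLI command that removes public sharing. It is an added example, not part of the original rule; the snapshot IDs, account ID, and function names are constructed for illustration.

```python
import json

# Constructed sample input: responses shaped like the output of
# `aws ec2 describe-snapshot-attribute --attribute createVolumePermission`.
# Snapshot IDs and the account ID are made up.
SAMPLE_RESPONSES = json.loads("""
[
  {"SnapshotId": "snap-0aaa1111bbbb2222c", "CreateVolumePermissions": [{"Group": "all"}]},
  {"SnapshotId": "snap-0ddd3333eeee4444f", "CreateVolumePermissions": [{"UserId": "111122223333"}]},
  {"SnapshotId": "snap-0abc5555def666677", "CreateVolumePermissions": []},
  {"SnapshotId": "snap-0fff7777aaaa8888b",
   "CreateVolumePermissions": [{"UserId": "111122223333"}, {"Group": "all"}]}
]
""")


def classify(response):
    """Return 'public', 'shared' or 'private' for one attribute response."""
    perms = response.get("CreateVolumePermissions") or []
    if any(p.get("Group") == "all" for p in perms):
        return "public"   # the "all" group grants access to every AWS account
    if any(p.get("UserId") for p in perms):
        return "shared"   # shared with specific accounts only
    return "private"


def audit(responses):
    """Map each snapshot ID to its sharing state."""
    return {r["SnapshotId"]: classify(r) for r in responses}


def remediation_commands(responses):
    """Build AWS CLI commands that remove the public ('all') permission."""
    return [
        "aws ec2 modify-snapshot-attribute --snapshot-id " + r["SnapshotId"]
        + " --attribute createVolumePermission --operation-type remove --group-names all"
        for r in responses
        if classify(r) == "public"
    ]


if __name__ == "__main__":
    for snap_id, state in audit(SAMPLE_RESPONSES).items():
        print(f"{snap_id}\t{state}")
    for cmd in remediation_commands(SAMPLE_RESPONSES):
        print(cmd)
```

A snapshot that lists both a specific account and the `all` group is still reported as public, because the group entry alone exposes it to every account.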