aws-ebs-enable-volume-encryption.md

Pattern: Disabled encryption for AWS EBS volume

Issue: -

Description

Enabling encryption on an EBS volume protects the volume, its disk I/O and any snapshots derived from it from compromise if they are intercepted.

Resolution: Enable encryption of EBS volumes.

Examples

Example of incorrect code:

```hcl
resource "aws_ebs_volume" "bad_example" {
  availability_zone = "us-west-2a"
  size              = 40

  tags = {
    Name = "HelloWorld"
  }
  encrypted = false
}
```

Example of correct code:

```hcl
resource "aws_ebs_volume" "good_example" {
  availability_zone = "us-west-2a"
  size              = 40

  tags = {
    Name = "HelloWorld"
  }
  encrypted = true
}
```