AWS Config Rule: Encrypted Volumes


Fernando Honig

Last Update 8 mesi fa

Description: Checks if the EBS volumes that are in an attached state are encrypted. If you specify the ID of a KMS key for encryption using the kmsId parameter, the rule checks if the EBS volumes in an attached state are encrypted with that KMS key.

Trigger type: Configuration changes

AWS Region:
All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), Europe (Spain), Europe (Zurich) Region

How to Resolve this Manually

To resolve this manually, go to your AWS Management Console and select EC2 under Services.

Go to Volumes under Elastic Block Store and select the volume that is NON_COMPLIANT according to the AWS Config Rule.

Currently, there is no option to encrypt a volume if not encrypted

In order to encrypt a volume, you need to create a snapshot. Click Actions -> Create snapshot.

Go to Snapshots under Elastic Block Store and filter by the volume-id. Click Actions -> Create volume and make sure you click Encrypt this volume under Encryption.

When the new volume is created, you can either attach it to the instance or create a new instance from it.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

1 out of 1 liked this article

Still need help? Message Us