AWS EBS volume region with encryption is disabled
Description
This policy identifies AWS regions in which new EBS volumes are created without encryption. Encrypting data at rest reduces unintentional exposure of data stored in EBS volumes. It is recommended to enable EBS encryption by default at the regional level so that every new EBS volume created in that region is encrypted using a provided encryption key.
Code Example
```hcl
# Applies to the region of the AWS provider this resource is created with
resource "aws_ebs_encryption_by_default" "enabled" {
  enabled = true
}
```
Remediation
Terraform
- Resource: aws_ebs_encryption_by_default
- Arguments: enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0159 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_106 |
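
For the TerraformPlan framework, the same condition can be evaluated against plan JSON. The following is an added example, not Checkov's or the policy's own code: it reads a constructed sample in the shape of `terraform show -json` output and reports each `aws_ebs_encryption_by_default` resource; the function name, status labels and sample addresses are assumptions made for illustration.

```python
import json

RESOURCE_TYPE = "aws_ebs_encryption_by_default"

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_ebs_encryption_by_default.enabled",
     "type": "aws_ebs_encryption_by_default",
     "change": {"actions": ["create"], "after": {"enabled": true}}},
    {"address": "aws_ebs_encryption_by_default.legacy",
     "type": "aws_ebs_encryption_by_default",
     "change": {"actions": ["update"], "after": {"enabled": false}}},
    {"address": "aws_ebs_encryption_by_default.removed",
     "type": "aws_ebs_encryption_by_default",
     "change": {"actions": ["delete"], "after": null}},
    {"address": "aws_ebs_volume.data",
     "type": "aws_ebs_volume",
     "change": {"actions": ["create"], "after": {"size": 20}}}
  ]
}
""")


def check_plan(plan):
    """Return (address, status, reason) for each default-encryption resource."""
    results = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue  # other resource types are out of scope for this rule
        after = rc.get("change", {}).get("after")
        if after is None:
            # Planned destroy: this configuration no longer enforces the setting.
            results.append((rc["address"], "FAIL", "resource is being destroyed"))
        elif after.get("enabled", True) is True:
            # Assumption: an omitted `enabled` takes the provider default (true).
            results.append((rc["address"], "PASS", "enabled = true"))
        else:
            results.append((rc["address"], "FAIL", "enabled is not true"))
    if not results:
        # The plan does not manage the regional default at all.
        results.append((RESOURCE_TYPE, "MISSING", "no such resource in plan"))
    return results


if __name__ == "__main__":
    for address, status, reason in check_plan(SAMPLE_PLAN):
        print(f"{status:8} {address}: {reason}")
```

Because the setting is regional, a configuration that uses several AWS provider aliases needs one such resource per region.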