Medium EC2 Regional

Attached EBS volumes should be encrypted at-rest

NIST, HIPAA

Description

Checks whether attached Amazon EBS volumes are encrypted at rest.


Remediation

To comply with this control, ensure that all attached Amazon EBS volumes are encrypted. Encryption can be enabled for new volumes during creation and for existing volumes through snapshot and copy operations.

Steps

  1. Sign in to the AWS Management Console and open the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the EC2 console, click on 'Volumes' in the left navigation pane.
  3. Select the EBS volume you want to encrypt.
  4. If the volume is not encrypted, create a snapshot of the volume by selecting 'Actions' > 'Create Snapshot'.
  5. Once the snapshot is created, select it and choose 'Actions' > 'Copy'.
  6. In the 'Copy Snapshot' dialog, select the 'Encrypt this snapshot' checkbox and choose an encryption key.
  7. After the encrypted snapshot is created, create a new EBS volume from this snapshot.
  8. Detach the original volume from the EC2 instance and attach the newly created encrypted volume.
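To find which volumes need the steps above, the check from the Description can be run over EC2 `DescribeVolumes` output. The following Python is an added example, not code from this catalog or from AWS. The volume and instance IDs in `SAMPLE_VOLUMES` are constructed, and `fetch_volumes` assumes boto3 and AWS credentials are available.

```python
"""Flag attached, unencrypted EBS volumes from EC2 DescribeVolumes output."""

# Constructed sample in the shape of a DescribeVolumes response (IDs are made up).
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa0000000000001", "Encrypted": False,
     "AvailabilityZone": "us-east-1a",
     "Attachments": [{"InstanceId": "i-0aaa0000000000001",
                      "Device": "/dev/xvda", "State": "attached"}]},
    {"VolumeId": "vol-0aaa0000000000002", "Encrypted": True,
     "AvailabilityZone": "us-east-1a", "KmsKeyId": "placeholder-key-arn",
     "Attachments": [{"InstanceId": "i-0aaa0000000000001",
                      "Device": "/dev/sdf", "State": "attached"}]},
    # Unencrypted but unattached: outside the scope of this control.
    {"VolumeId": "vol-0aaa0000000000003", "Encrypted": False,
     "AvailabilityZone": "us-east-1b", "Attachments": []},
]


def fetch_volumes(region):
    """Live data: page through DescribeVolumes (needs boto3 and credentials)."""
    import boto3  # imported here so the offline check runs without it
    ec2 = boto3.client("ec2", region_name=region)
    pages = ec2.get_paginator("describe_volumes").paginate()
    return [v for page in pages for v in page["Volumes"]]


def noncompliant_attachments(volumes):
    """Return one finding per attachment of an unencrypted volume."""
    findings = []
    for vol in volumes:
        if vol.get("Encrypted", False):
            continue
        for att in vol.get("Attachments", []):
            if att.get("State") == "attached":
                findings.append({
                    "volume": vol["VolumeId"],
                    "instance": att["InstanceId"],
                    "device": att["Device"],
                    # The encrypted replacement volume must be created in
                    # this AZ to be attachable to the same instance.
                    "az": vol["AvailabilityZone"],
                })
    return findings


if __name__ == "__main__":
    for f in noncompliant_attachments(SAMPLE_VOLUMES):
        print("NON_COMPLIANT {volume} on {instance} ({device}, {az})".format(**f))
```

Each finding records the instance, device name and Availability Zone, which are the values needed when creating and attaching the encrypted replacement in steps 7 and 8.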

Compliance

NIST, HIPAA