Medium EC2 Regional

Amazon EBS default encryption should be enabled

CIS, NIST, ISO 27001, HIPAA

Description

Checks whether Amazon EBS default encryption is enabled.


Remediation

To comply with this check, enable Amazon EBS default encryption in each region. This ensures that all new EBS volumes and snapshots created in the region are encrypted by default.

Steps

  1. Sign in to the AWS Management Console and open the EC2 console at https://console.aws.amazon.com/ec2/.
  2. In the EC2 console, click on 'EBS' in the left navigation pane, then select 'Encryption Keys'.
  3. In the 'EBS encryption' section, check the status of default encryption.
  4. If default encryption is not enabled, click on the 'Edit' button.
  5. In the 'Edit EBS encryption' dialog, set 'EBS encryption by default' to 'Enabled'.
  6. Optionally, select a default KMS key to use for encryption.
  7. Click on the 'Save' button to apply the changes.
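
The console steps above change one region at a time. The following Python script is an added example, not part of the original check: it reads the setting in every enabled region through boto3 and turns it on only when run with `--remediate`. The function name, the `client_for` parameter and the `--remediate` flag are this example's own; it assumes credentials allowed to call the EC2 default-encryption APIs.

```python
"""Audit, and optionally enable, EBS encryption by default in each Region."""
import sys


def audit_ebs_default_encryption(client_for, regions, remediate=False, kms_key_id=None):
    """Return {region: 'enabled' | 'disabled' | 'remediated' | 'error: ...'}.

    client_for is a callable mapping a Region name to an EC2 client, so the
    logic can run against boto3 or a stub. kms_key_id is optional; KMS keys
    are Regional, so pass an alias that exists in every Region being changed.
    """
    report = {}
    for region in regions:
        try:
            ec2 = client_for(region)
            if ec2.get_ebs_encryption_by_default()["EbsEncryptionByDefault"]:
                report[region] = "enabled"
                continue
            if not remediate:
                report[region] = "disabled"
                continue
            if kms_key_id:
                ec2.modify_ebs_default_kms_key_id(KmsKeyId=kms_key_id)
            ec2.enable_ebs_encryption_by_default()
            # Re-read the setting rather than trusting the enable call.
            fixed = ec2.get_ebs_encryption_by_default()["EbsEncryptionByDefault"]
            report[region] = "remediated" if fixed else "error: still disabled"
        except Exception as exc:  # e.g. access denied in one Region; keep going
            report[region] = f"error: {exc}"
    return report


def main(argv):
    import boto3  # imported here so the audit function has no AWS dependency
    session = boto3.session.Session()
    # us-east-1 is only the endpoint used to list the account's enabled Regions.
    lister = session.client("ec2", region_name="us-east-1")
    regions = [r["RegionName"] for r in lister.describe_regions()["Regions"]]
    report = audit_ebs_default_encryption(
        lambda name: session.client("ec2", region_name=name), regions,
        remediate="--remediate" in argv)
    for region, status in sorted(report.items()):
        print(f"{region:<16} {status}")
    # Exit non-zero if any Region is still disabled or could not be checked.
    return 0 if all(s in ("enabled", "remediated") for s in report.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Without `--remediate` the script only reports, so it can run as a scheduled check; its exit code is non-zero whenever a region is disabled or returns an error.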

Compliance

CIS, NIST, ISO 27001, HIPAA