Medium
EC2
Regional
EC2 Spot Fleet requests with launch parameters should enable encryption for attached EBS volumes
FSBP
Description
This control checks whether an Amazon EC2 Spot Fleet request that specifies launch parameters is configured to enable encryption for all Amazon Elastic Block Store (Amazon EBS) volumes attached to EC2 instances. The control fails if the Spot Fleet request specifies launch parameters and doesn't enable encryption for one or more EBS volumes specified in the request.
Remediation
To enable EBS encryption for Spot Fleet requests, you need to configure the EBS block device mappings with encryption enabled.
Steps
- Open the Amazon EC2 console
- Navigate to Spot Requests
- Select the Spot Fleet request you want to modify
- Click 'Actions' and select 'Modify Spot Fleet request'
- In the launch configuration, update the EBS block device mappings
- Set 'Encrypted' to 'true' for all EBS volumes
- Specify a KMS key if needed for encryption
- Save the changes to enable EBS encryption
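An added example, not part of the original control text: a Python check that scans output shaped like `aws ec2 describe-spot-fleet-requests` and reports every launch specification whose EBS mappings do not set `Encrypted` to true. The sample response and its request IDs are constructed, and treating a missing `Encrypted` field as a failure is an assumption of this example.

```python
# Constructed sample in the shape of a DescribeSpotFleetRequests response.
SAMPLE = {"SpotFleetRequestConfigs": [
    {"SpotFleetRequestId": "sfr-EXAMPLE-0001",  # one volume explicitly unencrypted
     "SpotFleetRequestConfig": {"LaunchSpecifications": [{"BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 8, "Encrypted": True}},
         {"DeviceName": "/dev/sdf", "Ebs": {"VolumeSize": 100, "Encrypted": False}}]}]}},
    {"SpotFleetRequestId": "sfr-EXAMPLE-0002",  # encrypted EBS plus instance store
     "SpotFleetRequestConfig": {"LaunchSpecifications": [{"BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 8, "Encrypted": True}},
         {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]}]}},
    {"SpotFleetRequestId": "sfr-EXAMPLE-0003",  # launch template only, no launch parameters
     "SpotFleetRequestConfig": {"LaunchTemplateConfigs": [
         {"LaunchTemplateSpecification": {"LaunchTemplateId": "lt-EXAMPLE", "Version": "1"}}]}},
    {"SpotFleetRequestId": "sfr-EXAMPLE-0004",  # Encrypted field omitted
     "SpotFleetRequestConfig": {"LaunchSpecifications": [{"BlockDeviceMappings": [
         {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 8}}]}]}},
]}


def unencrypted_volumes(response):
    """Return {request_id: [device names]} for EBS mappings lacking Encrypted=true."""
    findings = {}
    for req in response.get("SpotFleetRequestConfigs", []):
        config = req.get("SpotFleetRequestConfig", {})
        # The control only covers requests that specify launch parameters,
        # so requests that use launch templates alone are skipped here.
        for spec in config.get("LaunchSpecifications") or []:
            for mapping in spec.get("BlockDeviceMappings") or []:
                ebs = mapping.get("Ebs")
                if ebs is None:
                    continue  # instance-store or suppressed device, not an EBS volume
                # Assumption: an omitted Encrypted field counts as "not enabled".
                if ebs.get("Encrypted") is not True:
                    findings.setdefault(req["SpotFleetRequestId"], []).append(
                        mapping.get("DeviceName", "<unnamed>"))
    return findings


if __name__ == "__main__":
    for request_id, devices in unencrypted_volumes(SAMPLE).items():
        print(f"FAIL {request_id}: unencrypted EBS mappings {', '.join(devices)}")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-spot-fleet-requests`.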
Compliance
FSBP