turbot/aws_cis
Pipeline: 5.1.1 Ensure EBS volume encryption is enabled in all regions
Description
Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.
Encrypting data at rest reduces the likelihood that it is unintentionally exposed and can nullify the impact of disclosure if the encryption remains unbroken.
Remediation
From Console:
- Log in to AWS Management Console and open the Amazon EC2 console using https://console.aws.amazon.com/ec2/
- Under Account attributes, click EBS encryption.
- Click Manage.
- Click the Enable checkbox.
- Click Update EBS encryption.
- Repeat for each region in which EBS volume encryption is not enabled by default.
Note: EBS volume encryption is configured per region.
From Command Line:
- Run aws --region <region> ec2 enable-ebs-encryption-by-default
- Verify that "EbsEncryptionByDefault": true is displayed.
- Repeat for each region in which EBS volume encryption is not enabled by default.
Note: EBS volume encryption is configured per region.
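Because the setting is per region, the command-line steps above have to be repeated and verified everywhere. The following added shell example (not part of the aws_cis mod or the CIS text) audits every region and optionally enables the setting, re-reading it afterwards. The function names and the optional REGIONS variable are assumptions of this example; the three aws ec2 subcommands are standard AWS CLI calls.

```shell
#!/bin/sh
# Added example (not part of the aws_cis mod). REGIONS is an assumed,
# optional override; the three aws ec2 subcommands are real AWS CLI calls.

# Regions to check: $REGIONS if set, otherwise every region enabled for the account.
list_regions() {
  if [ -n "${REGIONS:-}" ]; then
    echo "$REGIONS"
  else
    aws ec2 describe-regions --query 'Regions[].RegionName' --output text
  fi
}

# Print enabled / disabled / unknown for one region.
region_state() {
  ebs_out="$(aws --region "$1" ec2 get-ebs-encryption-by-default \
    --query 'EbsEncryptionByDefault' --output text 2>/dev/null)" || ebs_out=""
  case "$ebs_out" in
    True|true)   echo enabled ;;
    False|false) echo disabled ;;
    *)           echo unknown ;;  # API error or missing permission: never assume compliant
  esac
}

# ebs_default_encryption audit|enforce
# Returns 0 only if every region checked ends up with encryption by default enabled.
ebs_default_encryption() {
  ebs_mode="${1:-audit}"; ebs_bad=0; ebs_seen=0
  for ebs_region in $(list_regions); do
    ebs_seen=$((ebs_seen + 1))
    ebs_state="$(region_state "$ebs_region")"
    if [ "$ebs_state" = disabled ] && [ "$ebs_mode" = enforce ]; then
      aws --region "$ebs_region" ec2 enable-ebs-encryption-by-default >/dev/null 2>&1 || true
      # Re-read the setting instead of trusting the enable call's output.
      ebs_state="$(region_state "$ebs_region")"
      [ "$ebs_state" = enabled ] && ebs_state="enabled (remediated)"
    fi
    printf '%-16s %s\n' "$ebs_region" "$ebs_state"
    case "$ebs_state" in
      enabled*) ;;
      *) ebs_bad=$((ebs_bad + 1)) ;;
    esac
  done
  # An empty region list (e.g. describe-regions failed) is a failure, not a pass.
  [ "$ebs_seen" -gt 0 ] && [ "$ebs_bad" -eq 0 ]
}
```

Source the file, then run ebs_default_encryption audit for a read-only report or ebs_default_encryption enforce to remediate. A region reported as unknown needs a manual check, since the script could not read its setting.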
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run aws_cis.pipeline.cis_v400_5_1_1
Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" { pipeline = aws_cis.pipeline.cis_v400_5_1_1 }
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
Outputs
This pipeline has no outputs.
Tags
folder = CIS v4.0.0/5 Networking/5.1 Elastic Compute Cloud (EC2)