EBS volume is not encrypted

ID

aws_ebs_volume_not_encrypted

Severity

critical

Vendor

AWS

Resource

Encryption

Tags

reachable

Description

The EBS volume is created without encryption, so the data it holds is stored unencrypted. A user with access to the volume could read that data in plain text.

To fix it, you must configure encrypted=true.

Learn more about this topic at AWS EBS Automatic encryption.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - amazon.aws.ec2_vol:
        instance: XXXXXX
        volume_size: 5
        device_name: sdd
        region: us-west-2
        # 'encrypted' is omitted, so the task does not request an encrypted volume

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - amazon.aws.ec2_vol:
        instance: XXXXXX
        volume_size: 5
        device_name: sdd
        region: us-west-2
        encrypted: true  # request encryption at rest for the new volume
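The check this rule describes, sketched as an added example (not the scanner's own code): it walks a playbook that has already been parsed from YAML and reports every `amazon.aws.ec2_vol` task that does not set `encrypted` to true. The function names, the handling of `block` sections, free-form arguments and `state: absent`, and the sample data are assumptions of this example.

```python
"""Flag amazon.aws.ec2_vol tasks that would create an unencrypted EBS volume."""
MODULES = {"amazon.aws.ec2_vol", "ec2_vol"}  # FQCN and short module name
TRUTHY = {"true", "yes", "on", "1"}          # string spellings Ansible treats as true

def is_true(value):
    """Interpret an Ansible boolean that may arrive as a bool or a string."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY

def iter_tasks(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for section in ("block", "rescue", "always"):
                yield from iter_tasks(task.get(section))

def module_args(raw):
    """Normalise module arguments: mapping form or free-form 'key=value' string."""
    if isinstance(raw, str):
        return dict(pair.split("=", 1) for pair in raw.split() if "=" in pair)
    return raw if isinstance(raw, dict) else {}

def find_unencrypted(playbook):
    """Return (play name, device_name) for each ec2_vol task lacking encrypted: true."""
    findings = []
    for play in playbook or []:
        for key in ("pre_tasks", "tasks", "post_tasks", "handlers"):
            for task in iter_tasks(play.get(key)):
                for module in MODULES.intersection(task):
                    args = module_args(task[module])
                    if args.get("state", "present") == "absent":
                        continue  # deleting a volume stores no data
                    if not is_true(args.get("encrypted", False)):
                        findings.append((play.get("name"), args.get("device_name")))
    return findings

def load_playbook(path):
    """Parse a playbook file (needs PyYAML, imported only when this is called)."""
    import yaml
    with open(path, encoding="utf-8") as handle:
        return yaml.safe_load(handle)

def sample_play(**extra):
    """Constructed sample: the page's playbook as parsed YAML, plus extra module args."""
    args = {"instance": "XXXXXX", "volume_size": 5, "device_name": "sdd",
            "region": "us-west-2", **extra}
    return [{"name": "Example playbook", "hosts": "localhost",
             "tasks": [{"amazon.aws.ec2_vol": args}]}]
```

A templated value such as `encrypted: "{{ some_var }}"` cannot be resolved statically, so this sketch reports it as a finding for manual review.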