Mods
AWS

Policy: AWS > EC2 > Account Attributes > EBS Encryption by Default

Define the EBS Encryption by Default settings required for AWS > EC2 > Account Attributes.

Encryption at Rest refers specifically to the encryption of data when written to an underlying storage system. This control determines whether the resource is encrypted at rest, and sets encryption to your desired level.

The EBS Encryption by Default control compares the encryption settings against the encryption policies for the resource (AWS > EC2 > Account Attributes > EBS Encryption by Default > *), raises an alarm, and takes the defined enforcement action.

Resource Types

This policy targets the following resource types:

Controls

Policy Packs

This policy setting is used by the following policy packs:

Policy Specification

Schema Type
string
Default
Skip
Valid Values [YAML]
  • Skip
    
  • Check: None
    
  • Check: None or higher
    
  • Check: AWS managed key
    
  • Check: AWS managed key or higher
    
  • Check: Customer managed key
    
  • Check: Encryption at Rest > Customer Managed Key
    
  • Enforce: None
    
  • Enforce: AWS managed key
    
  • Enforce: AWS managed key or higher
    
  • Enforce: Customer managed key
    
  • Enforce: Encryption at Rest > Customer Managed Key
    
Examples [YAML]
  • Check: None or higher
    

Category

In Your Workspace

Developers