Ensure Elastic Block Store (EBS) volumes are encrypted through AWS Config

MEDIUM

Description

AWS Config does not encrypt volumes by default. Encrypting EBS volumes helps protect data integrity and confidentiality.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the EC2 dashboard.
  2. In the navigation panel, under AWS Config, click Rules.
  3. In the Edit rule column, select the AWS Config rule you want to edit.
  4. On the Config rule page, set the source identifier to 'ENCRYPTED_VOLUMES'.

In Terraform -

  1. In the aws_config_config_rule resource, set the source.source_identifier field to ENCRYPTED_VOLUMES.
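
The Terraform setting above in a complete rule definition. This is an added example, not code from the policy or the provider documentation; the resource label, rule name, and the KMS key ARN in the commented-out parameter are placeholders. It assumes an AWS Config configuration recorder already exists in the account and region.

```hcl
# Added example. "encrypted_volumes" and "encrypted-volumes" are placeholder names.
# Assumption: a configuration recorder is already set up in this account and
# region. AWS Config rules cannot be created without one.
resource "aws_config_config_rule" "encrypted_volumes" {
  name        = "encrypted-volumes"
  description = "Checks whether attached EBS volumes are encrypted."

  source {
    owner             = "AWS"               # AWS managed rule, not a custom Lambda rule
    source_identifier = "ENCRYPTED_VOLUMES" # the value this policy checks for
  }

  # Evaluate EBS volumes only.
  scope {
    compliance_resource_types = ["AWS::EC2::Volume"]
  }

  # Optional: also require that volumes use one specific KMS key.
  # The ARN below is a placeholder; substitute your own key before enabling.
  # input_parameters = jsonencode({
  #   kmsId = "arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID"
  # })

  # If the recorder is managed in the same configuration, make the ordering
  # explicit (hypothetical resource address):
  # depends_on = [aws_config_configuration_recorder.main]
}
```

The rule reports unencrypted attached volumes as noncompliant; it does not encrypt them.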

References:
https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_config_rule

Policy Details

Rule Reference ID: AC_AWS_0048
CSP: AWS
Remediation Available: Yes
Resource: aws_config
Resource Category: Management
Resource Type: Config

Frameworks