EBS snapshot should be encrypted

ebs
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Encrypt Amazon Elastic Block Store (EBS) snapshots with volume snapshot encryption keys.

Rationale

Amazon EBS snapshots contain sensitive data, and publicly accessible snapshots can be copied. Keep your data secure from exploits or unauthorized users by using AWS key management.

Remediation

From the console

Follow the Default key for EBS encryption docs to learn how to encrypt a snapshot in the AWS Console.

From the command line

  1. Run get-ebs-default-kms-key-id to describe the default CMK.

  2. If you need to create a new key, follow the Creating keys AWS Console docs or the create-key AWS CLI docs.

  3. Run modify-ebs-default-kms-key-id with your --kms-key-id to modify the default CMK used to encrypt EBS volumes.

See the Set encryption defaults using the API and CLI docs for additional information.

PREVIEWING: brett.blue/embedded-collector-release