EBS snapshot should be encrypted
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Description
Encrypt Amazon Elastic Block Store (EBS) snapshots with volume snapshot encryption keys.
Rationale
Amazon EBS snapshots contain sensitive data, and publicly accessible snapshots can be copied. Keep your data secure from exploits or unauthorized users by using AWS key management.
From the console
Follow the Default key for EBS encryption docs to learn how to encrypt a snapshot in the AWS Console.
From the command line
Run get-ebs-default-kms-key-id
to describe the default CMK.
If you need to create a new key, follow the Creating keys AWS Console docs or the create-key AWS CLI docs.
Run modify-ebs-default-kms-key-id
with your --kms-key-id
to modify the default CMK used to encrypt EBS volumes.
See the Set encryption defaults using the API and CLI docs for additional information.