AWS EBS default encryption disabled
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
Goal
Detect when an EBS encryption is disabled by default.
Strategy
Monitor CloudTrail and detect when EBS encryption is disabled by default via the following API call:
Triage and response
- Determine which user in your organization owns the API key that made this API call.
- Contact the user and let them know that it is best practice to enable EBS encryption by default.
- Re-enable EBS encryption by default.
For more information about Amazon EBS Encryption, check out the Amazon EBS Encryption documentation.
Changelog
- 18 March 2022 - Rule query and severity updated.
- 16 November 2022 - Rule query updated.
