Rule: Attached EBS volumes should have encryption enabled

This rule checks that every attached EBS volume has encryption enabled.

Rule: Attached EBS volumes should have encryption enabled
Framework: CISA-cyber-essentials
Severity: Medium

Rule Description

The rule requires that all attached EBS (Elastic Block Store) volumes have encryption enabled. This is a mandatory security measure to comply with the CISA Cyber Essentials guidelines.

Troubleshooting Steps

If an attached EBS volume does not have encryption enabled, follow the steps below for troubleshooting:

  1. Verify Encryption Status: Check the encryption status of the EBS volume by logging into the AWS Management Console or using the AWS CLI (Command Line Interface).

  2. Encryption Not Enabled: If the encryption status shows as "Not Enabled," proceed with the remediation steps.

Remediation Steps

To enable encryption for an attached EBS volume, follow the step-by-step guide below:

Using AWS Management Console

  1. Log into the AWS Management Console.

  2. Navigate to the Amazon EC2 dashboard.

  3. Select "Volumes" from the sidebar menu.

  4. Identify the unencrypted EBS volume that needs encryption enabled.

  5. Right-click on the volume, and select "Modify Volume."

  6. In the "Modify Volume" dialog box, select the encryption option.

  7. Choose the desired encryption key or create a new one.

  8. Click on "Modify" to apply the changes.

Using AWS CLI

  1. Install and configure the AWS CLI on your local machine if not already done.

  2. Open the command-line interface or terminal.

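  3. Run the following commands to enable encryption for an EBS volume. Encryption is set when a volume is created, so take a snapshot of the unencrypted volume and create an encrypted volume from it:

    aws ec2 create-snapshot --volume-id <volume-id>
    aws ec2 create-volume --snapshot-id <snapshot-id> --availability-zone <availability-zone> --encrypted

    Replace <volume-id> with the actual ID of the unencrypted volume, <snapshot-id> with the snapshot ID returned by the first command, and <availability-zone> with the Availability Zone of the instance. Once the new volume is available, attach it to the instance in place of the unencrypted one.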

  4. Verify the encryption status using the following command:

    aws ec2 describe-volumes --volume-ids <volume-id> --query "Volumes[].{ID:VolumeId,Encryption:Encrypted}" --output table

    Replace <volume-id> with the actual ID of the volume.

Additional Notes

  • Enabling encryption for attached EBS volumes ensures that data on the volumes is protected at rest.

  • Regularly audit and monitor EBS volumes to ensure compliance with the CISA Cyber Essentials requirements.

  • It is recommended to automate the encryption process using infrastructure-as-code tools like AWS CloudFormation or AWS CDK, to ensure consistent deployment and compliance across multiple instances and volumes.
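One way to run the audit from the notes above across a whole account, as an added example that is not Cloud Defense's own code: it reads the JSON printed by `aws ec2 describe-volumes --output json`, reports every unencrypted volume that is attached to an instance, and lists the CLI commands that replace it with an encrypted copy. The function names and the sample data are constructed for illustration, and `<snapshot-id>` and `<new-volume-id>` stand for IDs returned while the commands run.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-volumes --output json`.
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa1111", "Encrypted": false, "VolumeType": "gp3",
   "AvailabilityZone": "us-east-1a", "Attachments": [
     {"InstanceId": "i-0123abcd", "Device": "/dev/sdf", "State": "attached"}]},
  {"VolumeId": "vol-0bbb2222", "Encrypted": true, "VolumeType": "gp3",
   "AvailabilityZone": "us-east-1a", "Attachments": [
     {"InstanceId": "i-0123abcd", "Device": "/dev/xvda", "State": "attached"}]},
  {"VolumeId": "vol-0ccc3333", "Encrypted": false, "VolumeType": "gp2",
   "AvailabilityZone": "us-east-1b", "Attachments": []}
]}
""")


def attached_unencrypted(describe_output):
    """Return one finding per attachment of an unencrypted volume."""
    findings = []
    for vol in describe_output.get("Volumes", []):
        if vol.get("Encrypted", False):
            continue
        for att in vol.get("Attachments", []):
            # The rule covers attached volumes only; skip detached entries.
            if att.get("State") == "detached":
                continue
            findings.append({
                "volume_id": vol["VolumeId"], "zone": vol["AvailabilityZone"],
                "type": vol.get("VolumeType", "gp3"),
                "instance_id": att["InstanceId"], "device": att["Device"]})
    return findings


def remediation_plan(f):
    """Ordered CLI commands that swap in an encrypted copy of the volume."""
    # io1/io2 volumes also need --iops on create-volume (not handled here).
    return [
        f"aws ec2 create-snapshot --volume-id {f['volume_id']}",
        "aws ec2 create-volume --snapshot-id <snapshot-id> "
        f"--availability-zone {f['zone']} --volume-type {f['type']} --encrypted",
        f"aws ec2 detach-volume --volume-id {f['volume_id']}",
        "aws ec2 attach-volume --volume-id <new-volume-id> "
        f"--instance-id {f['instance_id']} --device {f['device']}",
    ]


if __name__ == "__main__":
    for finding in attached_unencrypted(SAMPLE):
        print(finding["volume_id"], "on", finding["instance_id"])
        print("\n".join("  " + cmd for cmd in remediation_plan(finding)))
```

Stop the instance or unmount the file system before the detach step so that no writes land after the snapshot is taken.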
