stackoom
  简体   繁体   中英

AWS Enable EBS Encryption via cloudformation

 原文  2020-10-13 02:03:13       amazon-web-services/ encryption/ amazon-ec2/ amazon-cloudformation/ aws-control-tower

Question

Is there a way to create a cloudformation script which enables EBS encryption by default for all organizations? There is a aws config rule for this what I am looking for a remediation for this config rule. https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html#ebs-enable-encryption

1 answers

solution1
 1 ACCPTED  2020-10-13 03:21:25

This is currently not possible via CloudFormation. https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/158

Alternatively, you can enforce the policy that only encrypted EBS volumes can be created or attached by adding the following IAM policy statement:

{
  "Sid": "DenyAnythingRelatedToUnencryptedVolume",
  "Effect": "Deny",
  "Action": [
    "ec2:*"
  ],
  "Condition": {
    "Bool": {
      "ec2:Encrypted": "false"
    }
  },
  "Resource": "*"
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How enable EBS encryption with AWS ECS Enable AWS RDS Auto Scaling via Cloudformation How to enable KMS encryption for AWS ECR when using CloudFormation templates Enable AWS Redshift encryption to a running cluster with CloudFormation change set Data encryption at REST on aws EBS Verify encryption of ebs volumes in aws Enable and configure AWS Cognito Advanced Security Features via Terraform or Cloudformation How to enable Cloudwatch logging for AWS API GW via Cloudformation template AWS cloudformation elasticsearch encryption at rest (KMS encryption) How to automate EBS encryption in all AWS regions?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM