ASG EBS Volume Not Encrypted

Tenacity Id: asg-009
Risk Level: 3
Categories:
Last Updated: April 21, 2022

An AWS Auto Scaling Group (ASG) is configured to launch Amazon Elastic Compute Cloud (EC2) instances with unencrypted Amazon Elastic Block Store (EBS) volumes. An unencrypted EBS volume stores data in plain text, so an attacker who compromises the volume can read that data directly. Auto Scaling Groups can be configured to launch EC2 instances with encrypted EBS volumes. Once an EBS volume is encrypted, its data is encrypted at rest, and traffic inside the volume, traffic between the volume and the instance, and all snapshots created from the volume are encrypted as well. ASGs should be configured to deploy EC2 instances with encrypted EBS volumes.
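One way to evaluate this rule against an ASG's block device mappings, as an added example that is not Tenacity's own check. It assumes the mappings have already been fetched from the launch template or launch configuration; the function names, the sample data and the `default_encryption` parameter (standing for the account's EBS encryption by default setting in the region) are hypothetical.

```python
# Added example. SAMPLE is constructed data shaped like the BlockDeviceMappings
# list of a launch template or launch configuration; names are hypothetical.

def classify_mapping(mapping, default_encryption=False):
    """Return 'encrypted', 'unencrypted', 'inherits-snapshot' or 'not-ebs'."""
    ebs = mapping.get("Ebs")
    # NoDevice is a boolean in launch configurations and an empty string in
    # launch templates; either form suppresses the device.
    if ebs is None or mapping.get("NoDevice", False) is not False:
        return "not-ebs"
    if default_encryption or ebs.get("Encrypted") is True:
        return "encrypted"
    if ebs.get("Encrypted") is False:
        return "unencrypted"
    # Encrypted omitted: a volume restored from a snapshot takes the snapshot's
    # state, while a new empty volume is created unencrypted.
    return "inherits-snapshot" if ebs.get("SnapshotId") else "unencrypted"

def audit_asg(asg_name, mappings, default_encryption=False):
    """List (asg, device, state) for every volume not known to be encrypted."""
    findings = []
    for m in mappings:
        state = classify_mapping(m, default_encryption)
        if state in ("unencrypted", "inherits-snapshot"):
            findings.append((asg_name, m.get("DeviceName"), state))
    return findings

SAMPLE = [
    {"DeviceName": "/dev/xvda", "Ebs": {"VolumeSize": 30, "Encrypted": True}},
    {"DeviceName": "/dev/sdf", "Ebs": {"VolumeSize": 100, "Encrypted": False}},
    {"DeviceName": "/dev/sdg", "Ebs": {"VolumeSize": 50}},
    {"DeviceName": "/dev/sdh", "Ebs": {"SnapshotId": "snap-EXAMPLE"}},
    {"DeviceName": "/dev/sdi", "VirtualName": "ephemeral0"},
    {"DeviceName": "/dev/sdj", "NoDevice": ""},
]

if __name__ == "__main__":
    for finding in audit_asg("web-asg", SAMPLE):
        print(finding)
```

Volumes that come only from the AMI's own block device mapping do not appear in this list, so the AMI's snapshots need the same check. An `inherits-snapshot` result means the snapshot's encryption state has to be looked up before the ASG can be marked compliant.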