EBS Volume not Encrypted

Tenacity Id

Risk Level

Categories

ebs-001

4

Last Updated:

April 21, 2022

Elastic Block Store (EBS) volumes are unencrypted. EBS volumes can be configured to encrypt for both boot and data volumes. Once an EBS volume is encrypted the data is encrypted at rest and traffic inside the volume, between the volume and the instance as well as all snapshots created from the volume are encrypted. Unencrypted volumes store and transmit data in plain text, leaving data susceptible to potential exposure. EBS volumes are not encrypted by default. EBS volumes should be encrypted.