EBS Snapshot not Encrypted

Tenacity Id

Risk Level

Categories

ebs-003

4

Last Updated:

April 21, 2022

Elastic Block Store (EBS) snapshots are unencrypted. EBS snapshots can be configured with encryption. Once an EBS snapshot is encrypted the data is encrypted at rest for the snapshot as well the volumes created from the snapshot. Unencrypted EBS snapshots are stored in plain text and could expose sensitive data in the event of a breach. EBS snapshots should be encrypted.