Is there a way to create a cloudformation script which enables EBS encryption by default for all organizations? There is a aws config rule for this what I am looking for a remediation for this config rule. https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html#ebs-enable-encryption
AWS Enable EBS Encryption via cloudformation
3k views Asked by user2562618 At
2
There are 2 answers
0
poolie
On
As of December 2023, you now can configure EBS Block Public Access using CloudFormation, using AWS::EC2::SnapshotBlockPublicAccess .
This is not precisely the same as requiring EBS Encryption, but preventing public snapshots is one of the major reasons people want encryption, and this gets a similar result.
Related Questions in AMAZON-WEB-SERVICES
- S3 integration testing
- How to get content of BLOCK types LAYOUT_TITLE, LAYOUT_SECTION_HEADER and LAYOUT_xx in Textract
- Error **net::ERR_CONNECTION_RESET** error while uploading files to AWS S3 using multipart upload and Pre-Signed URL
- Failed to connect to your instance after deploying mern app on aws ec2 instance when i try to access frontend
- AWS - Tab Schema Conversion don't show up after creating a Migration Project
- Unable to run Bash Script using AWS Custom Lambda Runtime
- Using Amazon managed Prometheus to get EC2 metrics data in Grafana
- AWS Dns record A not navigate to elb
- Connection timed out error with smtp.gmail.com
- AWS Cognito Multi-tenant Integration | Ok to use Client’s Idp?
- Elasticbeanstalk FastAPI application is intermittently not responding to https requests
- Call an External API from AWS Lambda
- Why my mail service api spring isnt working?
- export 'AWSIoTProvider' (imported as 'AWSIoTProvider') was not found in '@aws-amplify/pubsub'
- How to take first x seconds of Audio from a wav file read from AWS S3 as binary stream using Python?
Related Questions in ENCRYPTION
- Is TLS enough for client server encryption or if dealing with sensitive data, its better to add ur own encryption also. for example leverage AWS SSM?
- Secure Messaging Implementation in C#
- File splitting and encryption
- Large file processing in the web browser
- Java code of AES/GCM/NoPadding encryption algorithm with authentication tag
- AES-256-CBC encryption returning different result in Python and PHP , HELPPP
- Why are encrypted stored procedures taking a long time to execute in SQL Server 2022?
- Why/How does Apache auto-include "DHE" TLS1.2 ciphers while nginx needs "dhparams" file?
- Encrypt in Single Store and Decrypt in SQL Server
- Is it possible to develop a Transparent Data Encryption(TDE) system on macOS now?
- How can I ensure incremental changes in deciphered messages in Python substitution cipher decoding?
- Getting Error Message as "the input string is not a complete block" while Decryting using AES
- Laravel: How to fix "the MAC is invalid" on local environment
- How to encrypt a string and decrypt it using a password
- Willena's sqlite-jdbc-crypt driver for sqlite3 database encryption
Related Questions in AMAZON-EC2
- Failed to connect to your instance after deploying mern app on aws ec2 instance when i try to access frontend
- Using Amazon managed Prometheus to get EC2 metrics data in Grafana
- Unable to ping remote websites from an ipV6 only ubuntu ec2 Instance
- Unable to install mysql on Amazon Linux 2023
- AWS Elastic Beanstalk - Deployment Issues with Flask backend (React frontend already deployed with S3 and Cloudfront)
- AWS ECS agent does not start in EC2 instance
- Moving a website from a subdomain to the domain root
- Switch to Cloudfront CDN causing issues for small number of users
- Selenium parser
- ReadTimeout error when downloading images on AWS EC2 but not locally
- Iam not able to login to bastion server-permission denied error
- No GPU EC2 instances associated with AWS Batch
- Django Deployment on AWS EC2 with Docker Compose: Seeking Advice on Security, Scalability, and Best Practices
- How to host a react and django application on ec2
- Connection services in different containers in the same ec2 instance
Related Questions in AWS-CLOUDFORMATION
- How to set custom Origin Name in AWS CDK for CloudFront
- Error when creating cedar template-linked policy using CloudFormation
- AWS Cloudformation: InvalidTemplateException `Every Condition member must be a string.`
- AWS lambda calling two differents SNS mixed up account ids
- How to reuse a created resource in CloudFormation
- aws :: cloudformation :: possibilities to get current userID
- Cloudformation template for creating an emr cluster with imdsv2
- Need CloudFormation Guard to skip any lines starting with !Ref when scanning Managed Policies
- AWS Cloudformation stack creation failure
- Working on a cloudformation template which creates instances in public and private subnet instances in public sub needs to call api from private
- Using CloudFormation Output as Fn::ForEach collection
- How to access cross account resources through AWS Cloudformation
- Iterating over a file in Serverless Framework
- Validation error ApiGatewayMethodProxyVarGet: expected type: Boolean, found: JSONObject in AWS CloudFormation
- AWS CDK use `dependsOn` across different .yaml templates
Related Questions in AWS-CONTROL-TOWER
- Enrolling AFT-Provisioned Account in a Child OU
- AWS Amplify CLI S3 Properties Contradicts AWS Control Tower Recommendation
- How can I add AWS QuickSight access to the SCPs controlled by Control Tower?
- AWS Control Tower error create account using AWS Control Tower
- AWS SCP to mandate rds encryption with cmk
- AWS Control Tower and KMS Keys
- Control Tower Failing to Re-Register OU and even Account Enrollment
- Implement AWS Cost allocation tags via Account factory for terraform(AFT) or Landing zone accelerator(LZA)
- Baseline Config not deployed in Control Tower regions
- Aws config vs detective guardrails
- Enforce AWS::ElasticLoadBalancingV2::Listener + TLS >= 1.2
- AWS Control Tower could not delete some account trails error
- How to use CloudWatch after Control Tower version 3.0 update
- How do I edit a bucket policy deployed by organizational-level CloudTrail
- AWS CloudShell not working after creating a new account with Control Tower
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
This is currently not possible via CloudFormation. https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/158
Alternatively, you can enforce the policy that only encrypted EBS volumes can be created or attached by adding the following IAM policy statement: