Encryption is not enforced at the region level

Affecting EBS service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Data / Encryption at Rest

Frameworks
  • Snyk ID: SNYK-CC-00760
  • Credit: Snyk Research Team

Description

When encryption is not enforced at the region level, EBS volumes may be created with their data stored unencrypted, increasing the risk of data breaches and of non-compliance with data protection regulations. Enforcing encryption at the region level ensures that all new EBS volumes are encrypted by default, which protects data at rest from unauthorized access and keeps the configuration in line with security best practices.

How to fix?

Set the enabled attribute in the aws_ebs_encryption_by_default resource to true.

Example Configuration


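# Turns on EBS encryption by default in the region of the AWS provider
# this resource is applied with.
resource "aws_ebs_encryption_by_default" "allowed" {
  enabled = true
}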
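Because the setting applies per region, a configuration that uses several AWS provider configurations needs the resource in each of them. The following check over the JSON produced by `terraform show -json` is an added example, not Snyk's rule implementation or code from this page. The function name, the sample plan and its regions are constructed, and the check assumes root-module resources with constant attribute values.

```python
import json

# Constructed sample: trimmed "configuration" section of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"configuration": {
  "provider_config": {
    "aws":      {"name": "aws", "expressions": {"region": {"constant_value": "us-east-1"}}},
    "aws.west": {"name": "aws", "expressions": {"region": {"constant_value": "us-west-2"}}},
    "aws.eu":   {"name": "aws", "expressions": {"region": {"constant_value": "eu-west-1"}}}},
  "root_module": {"resources": [
    {"type": "aws_ebs_encryption_by_default", "provider_config_key": "aws",
     "expressions": {"enabled": {"constant_value": true}}},
    {"type": "aws_ebs_encryption_by_default", "provider_config_key": "aws.west",
     "expressions": {"enabled": {"constant_value": false}}},
    {"type": "aws_ebs_volume", "provider_config_key": "aws.eu",
     "expressions": {"size": {"constant_value": 20}}}]}}}
""")

def unenforced_regions(plan):
    """Map each AWS provider key lacking enforcement to (region, reason)."""
    config = plan.get("configuration", {})
    enabled_by_provider = {}
    for res in config.get("root_module", {}).get("resources", []):
        if res.get("type") != "aws_ebs_encryption_by_default":
            continue
        expr = res.get("expressions", {}).get("enabled")
        # Omitted attribute defaults to true; a non-constant expression is treated as unknown.
        value = True if expr is None else expr.get("constant_value")
        enabled_by_provider[res.get("provider_config_key", "aws")] = value
    findings = {}
    for key, prov in config.get("provider_config", {}).items():
        if prov.get("name") != "aws":
            continue
        region = prov.get("expressions", {}).get("region", {}).get("constant_value", "unknown")
        if key not in enabled_by_provider:
            findings[key] = (region, "no aws_ebs_encryption_by_default resource")
        elif enabled_by_provider[key] is not True:
            findings[key] = (region, "enabled is not a constant true")
    return findings

if __name__ == "__main__":
    for key, (region, reason) in unenforced_regions(SAMPLE_PLAN).items():
        print(f"{key} ({region}): {reason}")
```

Enabling the setting affects only volumes created afterwards, so existing unencrypted volumes in a flagged region still need to be reviewed separately.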