EBS volumes must be encrypted
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | ec2 |
| Provider | AWS |
| Vulnerability Type | omission |
Description
EBS volumes are being created without encryption enabled, so the data stored on them is not protected at rest. The data on the volume, its disk I/O, and any snapshots derived from it are exposed to unauthorized access.
Impact
If EBS volumes remain unencrypted, sensitive data may be accessed by unauthorized parties through compromised storage, backups, or snapshots, leading to data breaches and potential regulatory violations.
Resolution
Enable encryption on EBS volumes.