Language: terraform
Severity: high
Service: ec2
Provider: AWS
Vulnerability Type: omission

Description

EC2 instances are configured with block devices (such as EBS volumes) that do not have encryption enabled. This means data stored on these devices is written in plaintext at rest.

Impact

If an attacker gains access to the underlying storage, unencrypted data can be read or copied without restriction, exposing sensitive information and potentially violating compliance requirements.

Resolution

Turn on encryption for all block devices.
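
The flagged configuration beside a corrected one, as an added example that is not part of the original rule page. Resource names, the AMI ID, device names and sizes are placeholders, and the KMS key reference is hypothetical.

```hcl
# Flagged: neither block device sets `encrypted`, so encryption is left to
# the AMI snapshot and account defaults instead of being enforced in code.
resource "aws_instance" "bad_example" {
  ami           = "ami-00000000000000000" # placeholder AMI ID
  instance_type = "t3.micro"

  root_block_device {
    volume_size = 20
  }

  ebs_block_device {
    device_name = "/dev/sdf"
    volume_size = 50
  }
}

# Corrected: every block device attached to the instance sets encrypted = true.
resource "aws_instance" "good_example" {
  ami           = "ami-00000000000000000" # placeholder AMI ID
  instance_type = "t3.micro"

  root_block_device {
    volume_size = 20
    encrypted   = true
    # Optional customer-managed key; aws_kms_key.example is hypothetical.
    # kms_key_id = aws_kms_key.example.arn
  }

  ebs_block_device {
    device_name = "/dev/sdf"
    volume_size = 50
    encrypted   = true
  }
}

# Backstop: encrypt newly created EBS volumes by default in the current
# region, so a block device added later without `encrypted` is still covered.
resource "aws_ebs_encryption_by_default" "this" {
  enabled = true
}
```

Changing `encrypted` on an existing block device forces the volume, and usually the instance, to be replaced, so plan a data migration before applying this to running workloads.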