Is there a way to create a CloudFormation script which enables EBS encryption by default for all organizations? There is an AWS Config rule for this; what I am looking for is a remediation for this Config rule. https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html#ebs-enable-encryption
AWS Enable EBS Encryption via CloudFormation
3k Views Asked by user2562618 At
There are 2 best solutions below

As of December 2023, you now can configure EBS Block Public Access using CloudFormation, using AWS::EC2::SnapshotBlockPublicAccess.
This is not precisely the same as requiring EBS Encryption, but preventing public snapshots is one of the major reasons people want encryption, and this gets a similar result.
This is currently not possible via CloudFormation. https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/158
Alternatively, you can enforce the policy that only encrypted EBS volumes can be created or attached by adding the following IAM policy statement:
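
Added example, not part of either answer and not the IAM policy statement mentioned above: because there is no native resource type for the account-level setting, one workaround is a Lambda-backed custom resource that calls the EC2 `EnableEbsEncryptionByDefault` API. All logical resource names and the `Custom::EbsEncryptionByDefault` type name are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - enable EBS encryption by default in this account and Region.
Resources:
  EbsDefaultEncryptionRole:            # hypothetical name
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: lambda.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: ebs-default-encryption
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Least privilege: only the account-level toggle, nothing else in EC2.
              - Effect: Allow
                Action: ec2:EnableEbsEncryptionByDefault
                Resource: "*"
  EbsDefaultEncryptionFunction:        # hypothetical name
    Type: AWS::Lambda::Function
    Properties:
      Runtime: python3.12
      Handler: index.handler
      Timeout: 30
      Role: !GetAtt EbsDefaultEncryptionRole.Arn
      Code:
        ZipFile: |
          import boto3, cfnresponse
          def handler(event, context):
              try:
                  # Create/Update turn the setting on. Delete is a no-op so that
                  # removing the stack never silently weakens the account.
                  if event["RequestType"] != "Delete":
                      boto3.client("ec2").enable_ebs_encryption_by_default()
                  cfnresponse.send(event, context, cfnresponse.SUCCESS, {})
              except Exception as exc:
                  print(exc)  # goes to CloudWatch Logs for troubleshooting
                  cfnresponse.send(event, context, cfnresponse.FAILED, {})
  EbsDefaultEncryption:
    Type: Custom::EbsEncryptionByDefault   # hypothetical custom type name
    Properties:
      ServiceToken: !GetAtt EbsDefaultEncryptionFunction.Arn
```

EBS encryption by default is a per-Region setting, so the stack has to exist in every account and Region that should be covered. Deploying it as a CloudFormation StackSet targeted at the organization is one way to do that (an assumption of this example, not something the answers state).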