Is there a way to create a CloudFormation script which enables EBS encryption by default for all organizations? There is an AWS Config rule for this; what I am looking for is a remediation for this Config rule. https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html#ebs-enable-encryption
AWS Enable EBS Encryption via cloudformation
3k Views. Asked by user2562618
There are 2 best solutions below
poolie:
As of December 2023, you now can configure EBS Block Public Access using CloudFormation, using AWS::EC2::SnapshotBlockPublicAccess.
This is not precisely the same as requiring EBS Encryption, but preventing public snapshots is one of the major reasons people want encryption, and this gets a similar result.
This is currently not possible via CloudFormation. https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/158
Alternatively, you can enforce the policy that only encrypted EBS volumes can be created or attached by adding the following IAM policy statement:
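An added example, not taken from either answer: a CloudFormation template that declares the AWS::EC2::SnapshotBlockPublicAccess resource named in the first answer, together with a managed policy that denies unencrypted EBS volumes in the way the second answer describes. The logical IDs, the parameter name and the policy statements are assumptions made for illustration; the policy statement the second answer refers to is not shown on this page.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: block public EBS snapshot sharing and deny unencrypted volumes.

Parameters:
  # Hypothetical parameter name. block-all-sharing also hides snapshots that
  # are already public; block-new-sharing only stops new public sharing.
  SnapshotSharingState:
    Type: String
    Default: block-all-sharing
    AllowedValues:
      - block-all-sharing
      - block-new-sharing

Resources:
  # The setting applies to the account and Region the stack is deployed in,
  # so the stack has to be rolled out to every account and Region in scope.
  SnapshotBlockPublicAccess:
    Type: AWS::EC2::SnapshotBlockPublicAccess
    Properties:
      State: !Ref SnapshotSharingState

  # Hypothetical policy: it only takes effect for the principals it is
  # attached to (no Roles/Groups/Users are attached here).
  DenyUnencryptedEbsPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Deny creating or attaching unencrypted EBS volumes
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyUnencryptedVolumeCreate
            Effect: Deny
            Action: ec2:CreateVolume
            Resource: "*"
            Condition:
              Bool:
                "ec2:Encrypted": "false"
          - Sid: DenyUnencryptedVolumeOnLaunchOrAttach
            Effect: Deny
            Action:
              - ec2:RunInstances
              - ec2:AttachVolume
            Resource: arn:aws:ec2:*:*:volume/*
            Condition:
              Bool:
                "ec2:Encrypted": "false"
```

A deny policy of this kind blocks unencrypted requests rather than turning on encryption by default, so callers that omit the encryption flag get an access-denied error instead of an encrypted volume.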