AWS_Config_1

Ensure an AWS Managed Config Rule for encrypted volumes is applied

Description

AWS Config provides you with a detailed inventory of your AWS resources and their current configuration, and continuously records configuration changes to these resources. You can evaluate these configurations and changes for compliance with ideal configurations as defined by AWS Config Rules.

Remediation

Perform the following to ensure an AWS Managed Config Rule for encrypted volumes is applied:

  1. Go to the AWS Config console at https://console.aws.amazon.com/config
  2. Select the Rules tab on the left side.
  3. Search for a Config Rule that checks whether the EBS volumes are encrypted with a KMS key.
  4. Give the rule a specific name and description, and save it.

Using the Amazon unified command line interface:

  • Create a JSON file locally (similar to the sample below) with the configuration of the Config Rule, and save it as /tmp/ConfigRule.json:

    {
      "Description": "Checks whether Web Tier EBS volumes that are in an attached state are encrypted.",
      "ConfigRuleName": "encrypted-volumes",
      "Source": {
        "Owner": "AWS",
        "SourceIdentifier": "ENCRYPTED_VOLUMES"
      },
      "InputParameters": "{\"kmsId\":\"web_tier_kms_key\"}"
    }
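The following is an added example, not part of the original page: it builds the rule document above with InputParameters correctly encoded as a JSON string, and checks the output of `aws configservice describe-config-rules` for an active rule backed by the ENCRYPTED_VOLUMES managed identifier. The function names `build_rule` and `audit` are hypothetical, and `SAMPLE` is constructed data; the generated file is the one passed to `aws configservice put-config-rule --config-rule file:///tmp/ConfigRule.json`.

```python
import json

MANAGED_ID = "ENCRYPTED_VOLUMES"  # AWS managed rule identifier used on this page


def build_rule(kms_id=None):
    """Return the rule document to save as /tmp/ConfigRule.json (hypothetical helper)."""
    rule = {
        "ConfigRuleName": "encrypted-volumes",
        "Description": "Checks whether Web Tier EBS volumes that are in an "
                       "attached state are encrypted.",
        "Source": {"Owner": "AWS", "SourceIdentifier": MANAGED_ID},
    }
    if kms_id:
        # InputParameters must be a JSON *string*, not a nested object.
        rule["InputParameters"] = json.dumps({"kmsId": kms_id})
    return rule


def audit(describe_output):
    """Return (passed, matches) for a describe-config-rules response."""
    matches = []
    for rule in describe_output.get("ConfigRules", []):
        src = rule.get("Source", {})
        if src.get("Owner") != "AWS" or src.get("SourceIdentifier") != MANAGED_ID:
            continue  # custom rules or other managed rules do not satisfy this check
        params = json.loads(rule.get("InputParameters") or "{}")
        matches.append({
            "name": rule.get("ConfigRuleName"),
            "active": rule.get("ConfigRuleState") == "ACTIVE",
            "kmsId": params.get("kmsId"),  # None means no specific key is required
        })
    # A rule that is being deleted does not count as applied.
    return any(m["active"] for m in matches), matches


# Constructed sample of `aws configservice describe-config-rules` output.
SAMPLE = {"ConfigRules": [
    {"ConfigRuleName": "custom-tag-check", "ConfigRuleState": "ACTIVE",
     "Source": {"Owner": "CUSTOM_LAMBDA", "SourceIdentifier": "arn:placeholder"}},
    {"ConfigRuleName": "encrypted-volumes", "ConfigRuleState": "ACTIVE",
     "Source": {"Owner": "AWS", "SourceIdentifier": MANAGED_ID},
     "InputParameters": "{\"kmsId\":\"web_tier_kms_key\"}"},
]}

if __name__ == "__main__":
    print(json.dumps(build_rule("web_tier_kms_key"), indent=2))
    print(audit(SAMPLE))
```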

Service

AWS Config

Severity

Low

Compliance

Mapping
