Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-compliance
Overview
36Dashboards
1598Benchmarks
674Queries
9Variables
GitHub

Control: EBS default encryption should be enabled

Description

[DEPRECATED] This control has been deprecated and will be removed in a future release, use the ebs_encryption_by_default_enabled control instead. To help protect data at rest, ensure that encryption is enabled for your AWS Elastic Block Store (AWS EBS) volumes.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.ec2_ebs_default_encryption_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.ec2_ebs_default_encryption_enabled --share

SQL

This control uses a named query:

select
  'arn:' || partition || '::' || region || ':' || account_id as resource,
  case
    when not default_ebs_encryption_enabled then 'alarm'
    else 'ok'
  end as status,
  case
    when not default_ebs_encryption_enabled then region || ' default EBS encryption disabled.'
    else region || ' default EBS encryption enabled.'
  end as reason
  , region, account_id
from
  aws_ec2_regional_settings;

Tags

category = Compliance
cis_controls_v8_ig1 = true
cisa_cyber_essentials = true
ffiec = true
gxp_21_cfr_part_11 = true
gxp_eu_annex_11 = true
hipaa_final_omnibus_security_rule_2013 = true
hipaa_security_rule_2003 = true
nist_800_171_rev_2 = true
nist_800_53_rev_4 = true
nist_800_53_rev_5 = true
nist_csf = true
pci_dss_v321 = true
pci_dss_v40 = true
plugin = aws
service = AWS/EC2
soc_2 = true