Ensure EBS Snapshots are Encrypted at Rest with CMK

Elastic Block Store (EBS) snapshots are point-in-time images of the volumes attached to your compute instances. Sensitive data may be stored in your EBS snapshots, which is why it is a security best practice to ensure that data is encrypted at rest. This will also help you with NIST, HIPAA, GDPR & PCI-DSS compliance.

Audit & Remediation

  • Log in to your AWS account.
  • Navigate to the EC2 service at: https://console.aws.amazon.com/ec2
  • On the EC2 Dashboard in the main panel, under Resources, select the Snapshots link.
  • In the main panel you have a list of all your snapshots. The Encryption column shows the current status. If it is listed as Not Encrypted, you are not enforcing encryption. If it is listed as Encrypted and you see aws/ebs under KMS Key Alias, you are not using a Customer Managed Key (CMK).
  • Select the snapshot that is currently not encrypted or that is encrypted with the default aws/ebs key.
  • At the top left corner of the page, select Actions, then choose Copy.
  • Under Copy Snapshot, select Encrypt this snapshot next to Encryption.
  • Under Copy Snapshot, select the master key you have created in the KMS service next to Master Key.
  • Press the Copy button.
  • You can now safely delete the Snapshot that you made the copy from.
  • Select the Instance that you have noted from previous steps.
  • Set the Device to use the same name that it was set to previously.
  • Repeat steps for each volume that you have listed as Not Encrypted.
  • Repeat steps for each Region that you have volumes in.
  • Repeat steps for each AWS account that you have.
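
The audit half of the steps above as a scripted check. This is an added example, not part of the original page: `classify_snapshots` and `audit_region` are hypothetical helper names, the sample snapshot IDs, key IDs and account ID are constructed, and `audit_region` assumes boto3 and AWS credentials are available.

```python
AWS_EBS_ALIAS = "alias/aws/ebs"  # alias of the default AWS managed key for EBS


def classify_snapshots(snapshots, aliases):
    """Map SnapshotId -> 'not_encrypted' | 'aws_managed_key' | 'cmk'.

    snapshots: items shaped like EC2 DescribeSnapshots 'Snapshots' entries.
    aliases:   items shaped like KMS ListAliases 'Aliases' entries.
    """
    # Key IDs the aws/ebs alias points at. The alias has no TargetKeyId
    # until the default key has been used in the region, so guard for that.
    default_ids = {a["TargetKeyId"] for a in aliases
                   if a.get("AliasName") == AWS_EBS_ALIAS and "TargetKeyId" in a}
    findings = {}
    for snap in snapshots:
        if not snap.get("Encrypted"):
            findings[snap["SnapshotId"]] = "not_encrypted"
            continue
        # KmsKeyId is a key ARN; the key ID is the part after 'key/'.
        key_id = snap.get("KmsKeyId", "").rsplit("/", 1)[-1]
        # 'cmk' here means "any key other than aws/ebs", as in the console check.
        findings[snap["SnapshotId"]] = (
            "aws_managed_key" if key_id in default_ids else "cmk")
    return findings


def audit_region(region):
    """Run the check against one live region (needs boto3 and credentials)."""
    import boto3  # imported here so the classifier runs without AWS access
    ec2 = boto3.client("ec2", region_name=region)
    kms = boto3.client("kms", region_name=region)
    snaps = [s for page in ec2.get_paginator("describe_snapshots")
             .paginate(OwnerIds=["self"]) for s in page["Snapshots"]]
    aliases = [a for page in kms.get_paginator("list_aliases").paginate()
               for a in page["Aliases"]]
    return classify_snapshots(snaps, aliases)


# Constructed sample input: placeholder account ID, key IDs and snapshot IDs.
KEY_ARN_PREFIX = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE_ALIASES = [
    {"AliasName": "alias/aws/ebs", "TargetKeyId": "1111aaaa-0000-0000-0000-000000000001"},
    {"AliasName": "alias/example-cmk", "TargetKeyId": "2222bbbb-0000-0000-0000-000000000002"},
]
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0aaa", "Encrypted": False},
    {"SnapshotId": "snap-0bbb", "Encrypted": True,
     "KmsKeyId": KEY_ARN_PREFIX + "1111aaaa-0000-0000-0000-000000000001"},
    {"SnapshotId": "snap-0ccc", "Encrypted": True,
     "KmsKeyId": KEY_ARN_PREFIX + "2222bbbb-0000-0000-0000-000000000002"},
]
```

Snapshots reported as `not_encrypted` or `aws_managed_key` are the ones the copy steps above apply to; run `audit_region` once per Region and per account, as the last steps say.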