Enable AWS EBS Encryption by Default

akloya

Based on Jeff Barr's recent blog post, AWS makes it easier and simpler for you to protect your data from unauthorized access. I feel this should be enabled by anyone who uses AWS.

If you prefer to do this via the AWS CLI, make sure you have updated to the latest version of the CLI [aws-cli/1.16.169 Python/2.7.10 Darwin/17.7.0 botocore/1.12.159]:

aws ec2 enable-ebs-encryption-by-default

Note: You will have to run this command in all the regions you operate in.

Below is a Python script that enables it for the regions you are interested in:

import boto3

# list the regions you are interested to run this script on
regions = ['us-east-1']

for region in regions:
    client = boto3.client('ec2', region)
    response = client.enable_ebs_encryption_by_default()
    print("Default EBS Encryption for region", region,": ",  response['EbsEncryptionByDefault'])

Note: The shared script will use the default EBS key. If you are interested in using a different KMS key, use the call below:

response = client.modify_ebs_default_kms_key_id(
    KmsKeyId='string'
)
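
An added example, not part of the original post: it checks each region before enabling, sets a per-region default KMS key where one is given, and re-reads the settings to confirm them. `ensure_ebs_encryption`, `FakeEC2` and the `alias/example-ebs-key` alias are hypothetical names; `FakeEC2` is a constructed stand-in so the code runs without AWS credentials.

```python
def ensure_ebs_encryption(client_for, regions, kms_keys=None):
    """client_for(region) returns an EC2 client, e.g. with boto3:
    lambda r: boto3.client("ec2", region_name=r). kms_keys maps region -> key
    because KMS keys are regional."""
    report = {}
    for region in regions:
        row = {"changed": False, "enabled": None, "kms_key": None, "error": None}
        try:
            ec2 = client_for(region)
            if not ec2.get_ebs_encryption_by_default()["EbsEncryptionByDefault"]:
                ec2.enable_ebs_encryption_by_default()
                row["changed"] = True
            key = (kms_keys or {}).get(region)
            if key:
                ec2.modify_ebs_default_kms_key_id(KmsKeyId=key)
            # Re-read the settings rather than trusting the write responses.
            row["enabled"] = ec2.get_ebs_encryption_by_default()["EbsEncryptionByDefault"]
            row["kms_key"] = ec2.get_ebs_default_kms_key_id()["KmsKeyId"]
        except Exception as exc:  # one failing region must not hide the others
            row["error"] = str(exc)
        report[region] = row
    return report


class FakeEC2:
    """Constructed in-memory stand-in for an EC2 client so this runs offline."""
    def __init__(self, enabled=False, fail=False):
        self.enabled, self.key, self.fail = enabled, "alias/aws/ebs", fail
    def get_ebs_encryption_by_default(self):
        if self.fail:
            raise RuntimeError("UnauthorizedOperation (constructed)")
        return {"EbsEncryptionByDefault": self.enabled}
    def enable_ebs_encryption_by_default(self):
        self.enabled = True
        return {"EbsEncryptionByDefault": True}
    def get_ebs_default_kms_key_id(self):
        return {"KmsKeyId": self.key}
    def modify_ebs_default_kms_key_id(self, KmsKeyId):
        self.key = KmsKeyId
        return {"KmsKeyId": KmsKeyId}


if __name__ == "__main__":
    fleet = {"us-east-1": FakeEC2(enabled=True), "eu-west-1": FakeEC2(), "ap-south-1": FakeEC2(fail=True)}
    keys = {"eu-west-1": "alias/example-ebs-key"}  # hypothetical alias
    for region, row in ensure_ebs_encryption(fleet.__getitem__, fleet, keys).items():
        print(region, row)
```

A region whose row has a non-empty `error` or `enabled` not equal to `True` still needs attention; volumes created there are not covered by the default.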