Enable AWS EBS encryption By default

akloya profile image akloya ・1 min read

Based on Jeff Barr Recent Blog AWS make it easier and simpler for you to protect your data from unauthorized access. I feel this should be enabled by anyone who use AWS.

If you prefer to do via AWS CLI then make sure you have updated to latest version of CLI [aws-cli/1.16.169 Python/2.7.10 Darwin/17.7.0 botocore/1.12.159 ]

aws ec2 enable-ebs-encryption-by-default

Note: You will have to run this command in all the regions you operate.

Below is the python script that can help you with enabling it using below for region you interested are

import boto3

# list the regions you are interested to run this script on
regions = ['us-east-1']

for region in regions:
    client = boto3.client('ec2', region)
    response = client.enable_ebs_encryption_by_default()
    print("Default EBS Encryption for region", region,": ",  response['EbsEncryptionByDefault'])

Note: Shared script will use the default ebs key. If you are interested in using different KMS key then use below

response = client.modify_ebs_default_kms_key_id(

Posted on by:

akloya profile



Like to automate & AWS obsessed


Editor guide