Checks whether encryption is enabled for each Elastic Compute Service (ECS) data disk.
Scenarios
You can enable encryption for ECS data disks so that data is stored as ciphertext on the ECS data disks. After you enable the encryption feature for an ECS data disk, the system automatically encrypts data when the data is written to the disk and decrypts data when the data is read from the disk. This improves the security of data storage.
Risk level
Default risk level: medium.
You can change the risk level as required when you apply this rule.
Compliance evaluation logic
- If encryption is enabled for each ECS data disk, the evaluation result is compliant.
- If encryption is disabled for an ECS data disk, the evaluation result is non-compliant. For more information about how to correct the non-compliant configuration, see Non-compliance remediation.
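The evaluation logic above can be re-checked offline against a disk inventory export. The following is an added example, not Cloud Config's own code. It assumes records shaped like the ECS DescribeDisks response (`Disks.Disk[]` with `DiskId`, `Type`, `Encrypted`), treats system disks as out of scope because the rule text refers to data disks, and uses its own result labels; all sample values are constructed.

```python
# Added example: offline re-check of the ecs-disk-encrypted evaluation logic.
# Assumption: input follows the ECS DescribeDisks response shape
# (Disks.Disk[] with DiskId, Type, Encrypted). Sample data below is constructed.
import json

SAMPLE_RESPONSE = json.loads("""
{
  "Disks": {"Disk": [
    {"DiskId": "d-example0001", "Type": "data",   "Encrypted": true},
    {"DiskId": "d-example0002", "Type": "data",   "Encrypted": false},
    {"DiskId": "d-example0003", "Type": "system", "Encrypted": false},
    {"DiskId": "d-example0004", "Type": "data"}
  ]}
}
""")


def evaluate_disk(disk):
    """Return (disk_id, result) for one disk record."""
    disk_id = disk.get("DiskId", "<unknown>")
    # Assumption: the rule targets data disks, so system disks are skipped.
    if disk.get("Type") == "system":
        return disk_id, "NOT_APPLICABLE"
    # Fail closed: only a literal boolean true counts as encrypted, so a
    # missing field or a string such as "true" is reported as non-compliant.
    if disk.get("Encrypted") is True:
        return disk_id, "COMPLIANT"
    return disk_id, "NON_COMPLIANT"


def evaluate_response(response):
    """Map every disk ID in the response to its evaluation result."""
    disks = response.get("Disks", {}).get("Disk", [])
    return dict(evaluate_disk(d) for d in disks)


def non_compliant_ids(response):
    """Sorted IDs of the disks that need remediation."""
    results = evaluate_response(response)
    return sorted(i for i, r in results.items() if r == "NON_COMPLIANT")


if __name__ == "__main__":
    for disk_id, result in evaluate_response(SAMPLE_RESPONSE).items():
        print(f"{disk_id}\t{result}")
```
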
Rule details
| Item | Description |
|---|---|
| Rule name | ecs-disk-encrypted |
| Rule ID | ecs-disk-encrypted |
| Tag | ECS and Disk |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ECS disk |
| Input parameter | None |
Non-compliance remediation
For more information about how to enable encryption for ECS data disks, see Encrypt a data disk.