Checks whether the encryption feature is enabled for each Elastic Compute Service (ECS) data disk that is in use. If so, the configuration is considered compliant.
Scenarios
You can enable the encryption feature for each ECS data disk to improve data security. This helps you meet security and regulatory requirements.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the encryption feature is enabled for each ECS data disk that is in use, the configuration is considered compliant.
- If the encryption feature is disabled for an ECS data disk that is in use, the configuration is considered non-compliant. For more information about how to remediate a non-compliant configuration, see Incompliance remediation.
Rule details
Item | Description |
---|---|
Rule name | ecs-in-use-disk-encrypted |
Rule identifier | ecs-in-use-disk-encrypted |
Tag | ECS and Disk |
Automatic remediation | Not supported |
Trigger type | Configuration change |
Supported resource type | ECS disk |
Input parameter | None. |
Incompliance remediation
ecs-disk-encrypted For more information, see Encrypt a data disk.