Evaluates as Compliant when KMS encryption is enabled for all ECS disks, including system disks and data disks.
Scenarios
KMS encryption for ECS disks improves data security and integrity and helps meet compliance requirements in multi-tenant environments.
Risk level
Default risk level: medium.
You can change the risk level when you apply this rule.
Compliance evaluation logic
-
If KMS encryption is enabled for all ECS disks (system and data disks), the evaluation result is Compliant.
-
If KMS encryption is disabled for an ECS disk, the evaluation result is Non-compliant.
Rule details
|
Parameter |
Description |
|
Rule name |
ecs-disk-all-encrypted-by-kms |
|
Rule identifier |
|
|
Tag |
Disk |
|
Automatic remediation |
Not supported |
|
Trigger type |
Configuration change |
|
Supported resource type |
ECS disks |
|
Input parameter |
None |
Non-compliance remediation
Enable KMS encryption for ECS disks to improve data security and integrity. For more information, see Encrypt a system disk.