All Products
Search
Document Center

Cloud Config:ecs-disk-all-encrypted-by-kms

Last Updated:Jun 08, 2026

Evaluates as Compliant when KMS encryption is enabled for all ECS disks, including system disks and data disks.

Scenarios

KMS encryption for ECS disks improves data security and integrity and helps meet compliance requirements in multi-tenant environments.

Risk level

Default risk level: medium.

You can change the risk level when you apply this rule.

Compliance evaluation logic

  • If KMS encryption is enabled for all ECS disks (system and data disks), the evaluation result is Compliant.

  • If KMS encryption is disabled for an ECS disk, the evaluation result is Non-compliant.

Rule details

Parameter

Description

Rule name

ecs-disk-all-encrypted-by-kms

Rule identifier

ecs-disk-all-encrypted-by-kms

Tag

Disk

Automatic remediation

Not supported

Trigger type

Configuration change

Supported resource type

ECS disks

Input parameter

None

Non-compliance remediation

Enable KMS encryption for ECS disks to improve data security and integrity. For more information, see Encrypt a system disk.