
Cloud Config: ecs-disk-all-encrypted-by-kms

Last Updated: Aug 16, 2023

Checks whether KMS encryption is enabled for all ECS disks, including system disks and data disks. If so, the evaluation result is Compliant.

Scenarios

We recommend that you enable KMS encryption for ECS disks. This helps you improve data security and integrity and meet compliance requirements in multi-tenant scenarios.

Risk level

Default risk level: medium.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If KMS encryption is enabled for all ECS disks, including system disks and data disks, the evaluation result is Compliant.

  • If KMS encryption is disabled for an ECS disk, the evaluation result is Non-compliant.
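
The evaluation logic above can be reproduced offline as a quick audit check. The following is an added example, not code from Cloud Config or from this page. It assumes disk records shaped like an ECS DescribeDisks response (the DiskId, Type, Encrypted and KMSKeyId field names are assumptions here), uses constructed sample data, and treats a missing Encrypted flag as not encrypted; the NOT_APPLICABLE result for an empty disk list is this example's own choice.

```python
import json

# Constructed sample shaped like an ECS DescribeDisks response (not real data).
SAMPLE = json.loads("""
{"Disks": {"Disk": [
  {"DiskId": "d-example-sys-1", "Type": "system", "InstanceId": "i-example-1",
   "Encrypted": true, "KMSKeyId": "key-example-1"},
  {"DiskId": "d-example-data-1", "Type": "data", "InstanceId": "i-example-1",
   "Encrypted": false, "KMSKeyId": ""},
  {"DiskId": "d-example-data-2", "Type": "data", "InstanceId": "",
   "Encrypted": true, "KMSKeyId": ""},
  {"DiskId": "d-example-sys-2", "Type": "system", "InstanceId": "i-example-2"}
]}}
""")


def evaluate_disk(disk):
    """Return (compliance, annotation) for one disk record."""
    # A missing or non-boolean flag is treated as not encrypted (fail closed).
    if disk.get("Encrypted") is True:
        key = disk.get("KMSKeyId") or "no key ID in record"
        return "COMPLIANT", f"encrypted ({key})"
    return "NON_COMPLIANT", f"{disk.get('Type', 'unknown')} disk is not encrypted"


def evaluate_all(response):
    """Evaluate every system and data disk; one failing disk fails the set."""
    results = {}
    for disk in response.get("Disks", {}).get("Disk", []):
        results[disk["DiskId"]] = evaluate_disk(disk)
    failing = sorted(d for d, (c, _) in results.items() if c == "NON_COMPLIANT")
    if not results:
        overall = "NOT_APPLICABLE"  # this example's choice for "no disks found"
    else:
        overall = "NON_COMPLIANT" if failing else "COMPLIANT"
    return overall, failing, results


if __name__ == "__main__":
    overall, failing, results = evaluate_all(SAMPLE)
    for disk_id, (status, note) in results.items():
        print(f"{disk_id}: {status} - {note}")
    print("overall:", overall, "failing:", failing)
```
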

Rule details

| Parameter | Description |
| --- | --- |
| Rule name | ecs-disk-all-encrypted-by-kms |
| Rule identifier | ecs-disk-all-encrypted-by-kms |
| Tag | Disk |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ECS disks |
| Input parameter | None |

Non-compliance remediation

Enable KMS encryption for ECS disks to improve data security and integrity. For more information, see Encrypt a system disk.