Thursday, January 31, 2019

HowTo - Check the encryption status of additional EBS volumes

With a couple of weeks of AWS experience, we have all come across EBS (Elastic Block Store) volumes while using EC2 or EMR.

As a CIS benchmark standard, all volumes, whether the root volume or additionally mounted EBS volumes attached to EC2 or EMR, should be encrypted. Non-adherence is reported in AWS Config reports if Config rules for CIS Benchmarks evaluation have been added.

Root volumes and EBS volumes can be encrypted by mapping them to the default key or a KMS ARN, but let us see how the encryption status is reported in the AWS Console, Volumes view.

If an EBS volume is shown as unencrypted even though you selected a security configuration for encryption while creating the cluster/EC2 instance, connect to the instance in question and run the command below to see the encryption status of the additional volumes:

sudo dmsetup status

By default, only the root volumes' status is reported in the AWS console. To check the status of the attached mounted volumes, run the above command on the instance and look for 'crypt' in the output.

Note: If the instances are launched from encrypted snapshots, the console reports them as encrypted.
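When several volumes are attached, the 'crypt' check can be scripted. The following is an added example, not part of the original post: it reads `dmsetup status` output and reports which device-mapper mappings use the crypt (dm-crypt) target. The function names and the sample mapping names are assumptions made for illustration.

```shell
#!/bin/sh
# Classify device-mapper mappings from `dmsetup status` output.
# Line format: <name>: <start> <length> <target_type> [params...]
# Assumption: mapping names contain no whitespace.

# classify_dm: reads `dmsetup status` text on stdin and prints one line per
# mapping: "ENCRYPTED <name>" for crypt targets, "PLAIN <name> (<target>)" otherwise.
classify_dm() {
    awk '
        /^No devices found/ { next }          # dmsetup prints this when no mappings exist
        NF >= 4 && $1 ~ /:$/ {
            name = substr($1, 1, length($1) - 1)   # strip the trailing colon
            if ($4 == "crypt") print "ENCRYPTED " name
            else               print "PLAIN " name " (" $4 ")"
        }
    '
}

# count_crypt: number of crypt mappings found in the input on stdin.
count_crypt() {
    # grep -c exits non-zero when the count is 0; keep the printed "0".
    classify_dm | grep -c '^ENCRYPTED ' || true
}

# Constructed sample output (hypothetical mapping names and sizes).
SAMPLE='ephemeral_luks0: 0 209711104 crypt
ephemeral_luks1: 0 209711104 crypt
vg0-data: 0 41934848 linear'

printf '%s\n' "$SAMPLE" | classify_dm

# On the instance itself, feed the real output instead:
#   sudo dmsetup status | classify_dm
```

A volume that is mounted on the instance but has no ENCRYPTED line is not behind a dm-crypt mapping and is the one to follow up on.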
