Amazon Elastic Compute Cloud
API Reference (API Version 2016-11-15)

EnableEbsEncryptionByDefault

Enables EBS encryption by default for your account in the current Region.

After you enable encryption by default, the EBS volumes that you create are are always encrypted, either using the default CMK or the CMK that you specified when you created each volume. For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide.

You can specify the default CMK for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.

Enabling encryption by default has no effect on the encryption status of your existing volumes.

After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported Instance Types.

Request Parameters

For more information about required and optional parameters that are common to all actions, see Common Query Parameters.

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Type: Boolean

Required: No

Response Elements

The following elements are returned by the service.

ebsEncryptionByDefault

The updated status of encryption by default.

Type: Boolean

requestId

The ID of the request.

Type: String

Errors

For information about the errors that are common to all actions, see Common Client Errors.

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: