encrypted-volumes - AWS Config


Checks if attached Amazon EBS volumes are encrypted and optionally are encrypted with a specified KMS key. The rule is NON_COMPLIANT if attached EBS volumes are unencrypted or are encrypted with a KMS key not in the supplied parameters.


Resource Types: AWS::EC2::Volume

Trigger type: Configuration changes

AWS Region: All supported AWS regions except Africa (Cape Town), Asia Pacific (Osaka), Europe (Milan), Israel (Tel Aviv) Region


kmsId (Optional)
Type: String

ID or ARN of the KMS key that is used to encrypt the volume.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.