4

An auditor is asking for proof that we've encrypted all the disks on our AWS EC2 VPC. I'd like a way to list all the disks and whether they're encrypted or not.

I know I can build a report with the AWS API (or the CLI) - but I was looking for a simpler approach than that, hopefully with the console.

My question is: What is the simplest way to list which attached disks are encrypted (and which not) on AWS?

2
  • A dirty implementation would be pulling that data from the response of a simple awscli describe-volumes command
    – Dawny33
    Commented May 16, 2017 at 11:15
  • thanks @Dawny33 - could you expand on that? Would it be specific to attached volumes?
    – hawkeye
    Commented May 16, 2017 at 11:38

2 Answers

2

To get the number of non-encrypted volumes you can run this command:

aws ec2 describe-volumes --region <your_region> --filters "Name=encrypted,Values=false" --query "length(Volumes[])"

length will return the length of the array Volumes flattened by the selection operator [] (more details in the JMESPath documentation).
As we filter the selection for non-encrypted volumes (--filters "Name=encrypted,Values=false"), this should let you demonstrate to the auditor that the number of non-encrypted volumes is 0.

The same filter can be applied in the console: on the EC2 page, under 'Elastic Block Store' => 'Volumes', type Encrypted : Not Encrypted to filter the view to non-encrypted volumes only. You may add Attachment Status : Attached to list only attached volumes.
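The answer above counts non-encrypted volumes with a filter, and the answer below suggests reading the "Encrypted" field out of the JSON by hand. Auditors usually want the list, not just the count, so here is an added example (my own script, not code from either answer or from AWS) that turns the CLI's JSON into a per-volume CSV with region, attachment state, encryption flag and KMS key, and exits non-zero if any unencrypted volume exists. It assumes you pipe in the output of `aws ec2 describe-volumes --output json` for one region; the embedded sample response is constructed for the example, and every volume ID, instance ID, account number and KMS key ARN in it is made up.

```python
import csv
import io
import json
import sys
from typing import Any, Dict, List

# Constructed sample in the shape of `aws ec2 describe-volumes --output json`.
# All IDs, the account number and the KMS key ARN are invented for this example.
SAMPLE_DESCRIBE_VOLUMES: Dict[str, Any] = {
    "Volumes": [
        {
            "VolumeId": "vol-0a1b2c3d4e5f60001",
            "AvailabilityZone": "us-east-1a",
            "Size": 100,
            "State": "in-use",
            "Encrypted": True,
            "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000001",
            "Attachments": [{"InstanceId": "i-0aaaaaaaaaaaaaaa1", "Device": "/dev/xvda", "State": "attached"}],
        },
        {
            "VolumeId": "vol-0a1b2c3d4e5f60002",
            "AvailabilityZone": "us-east-1b",
            "Size": 20,
            "State": "in-use",
            "Encrypted": False,
            "Attachments": [{"InstanceId": "i-0bbbbbbbbbbbbbbb2", "Device": "/dev/sdf", "State": "attached"}],
        },
        {
            # Unattached ("available") volume: still holds data, so it must be reported.
            "VolumeId": "vol-0a1b2c3d4e5f60003",
            "AvailabilityZone": "us-east-1a",
            "Size": 8,
            "State": "available",
            "Encrypted": False,
            "Attachments": [],
        },
    ]
}

FIELDS = ["Region", "VolumeId", "AvailabilityZone", "SizeGiB", "Attached", "InstanceId", "Encrypted", "KmsKeyId"]


def volume_rows(response: Dict[str, Any], region: str) -> List[Dict[str, Any]]:
    """Flatten one region's describe-volumes response into one row per volume."""
    rows = []
    for vol in response.get("Volumes", []):
        attachments = vol.get("Attachments") or []
        rows.append({
            "Region": region,
            "VolumeId": vol["VolumeId"],
            "AvailabilityZone": vol.get("AvailabilityZone", ""),
            "SizeGiB": vol.get("Size", 0),
            "Attached": any(a.get("State") == "attached" for a in attachments),
            "InstanceId": ",".join(a["InstanceId"] for a in attachments if a.get("InstanceId")),
            "Encrypted": bool(vol.get("Encrypted", False)),
            # KmsKeyId is only present on encrypted volumes.
            "KmsKeyId": vol.get("KmsKeyId", ""),
        })
    return rows


def unencrypted(rows: List[Dict[str, Any]], attached_only: bool = False) -> List[Dict[str, Any]]:
    """Volumes that fail the audit: Encrypted is False (optionally only attached ones)."""
    return [r for r in rows if not r["Encrypted"] and (r["Attached"] or not attached_only)]


def to_csv(rows: List[Dict[str, Any]]) -> str:
    """Render the rows as CSV with a header line, suitable for handing to an auditor."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: aws ec2 describe-volumes --region us-east-1 --output json | python3 ebs_report.py us-east-1
    # With nothing on stdin the constructed sample above is used instead.
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    data = SAMPLE_DESCRIBE_VOLUMES if sys.stdin.isatty() else json.load(sys.stdin)
    rows = volume_rows(data, region)
    sys.stdout.write(to_csv(rows))
    bad = unencrypted(rows)
    print(f"# {len(bad)} of {len(rows)} volumes unencrypted "
          f"({len(unencrypted(rows, attached_only=True))} of them attached)", file=sys.stderr)
    sys.exit(1 if bad else 0)
```

describe-volumes is regional, so run it once per region the account uses (for example over `aws ec2 describe-regions --query "Regions[].RegionName" --output text`) and concatenate the CSVs. Unattached volumes are deliberately kept in the report: an "available" unencrypted volume can be attached to any instance later, so an auditor asking about "all the disks" will usually want it listed, even if the console's Attachment Status : Attached filter hides it.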

0

According to this document you can run a command like:

aws ec2 describe-volumes --region us-east-1

(feel free to set the region you use) and search the JSON output for the field named "encrypted".
