You can configure your AWS account to apply a default regional encryption setting for your EBS volumes. This prevents you from having to manually select the option of an EBS volume being encrypted, which could be easily missed. Applying a default option ensures that any new EBS volumes created will be encrypted by default and so provides a greater level of protection.
This can be configured from within the AWS Management Console:
- From the AWS Management Console, select EC2 from the Compute category.
- In the top right-hand corner of the console, under Account Attributes, select Settings:
- This will display the following screen:
From here, you can select Always encrypt new EBS volumes so that encryption is done automatically. Additionally, you can select your default key; in this example, I have selected the AWS-managed aws/ebs key.
- Once you have selected your key, select Save Settings.
From this point onward, all new EBS volumes will...