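Checks if attached Amazon EBS volumes are encrypted and optionally are encrypted with a specified KMS key. The rule is NON_COMPLIANT if attached EBS volumes are unencrypted or are encrypted with a KMS key not in the supplied parameters. Identifier: ENCRYPTED_VOLUMES Resource type: AWS::EC2::Volume Trigger type: Configuration changes ...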
creating a custom encrypted AMI from the public AMI, and then sharing the custom AMI with encrypted EBS snapshots across accounts and regions. This approach allows you to launch Amazon EC2 instances globally from multiple accounts by using the same base-encrypted AMI. Note:...
In func Prepare of ami_config.go packer seems to validate that AMIs with encrypted boot volumes cannot be shared. This validation is only correct for the specific case of using the default KMS key aws/ebs, but generally AWS allows sharing AMIs when using a CMK. error message: 1 error(s)...
In this blog post, I walk through the process of creating a backup of encrypted Amazon EBS volumes. Then, I verify the AWS Key Management Service (AWS KMS) keys used to encrypt the backups. Once the backup is created in the source account’s Region, I perform a one-time copy o...
Checks if attached Amazon EBS volumes are encrypted and optionally are encrypted with a specified KMS key. The rule is NON_COMPLIANT if attached EBS volumes are unencrypted or are encrypted with a KMS key not in the supplied parameters.
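Attaching an encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon EC2 instance causes Amazon EC2 to send a request to AWS KMS to decrypt the volume's encrypted data key. This request comes from an IP address associated with the EC2 instance, not from the user's IP address. This means that if a SourceIp condition is set, the decrypt request is denied and the instance fails. Use the kms:ViaService condition key...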
Checks if attached Amazon EBS volumes are encrypted and optionally are encrypted with a specified KMS key. The rule is NON_COMPLIANT if attached EBS volumes are unencrypted or are encrypted with a KMS key not
Checks if attached Amazon EBS volumes are encrypted and optionally are encrypted with a specified KMS key. The rule is NON_COMPLIANT if attached EBS volumes are unencrypted or are encrypted with a KMS key
Checks if attached Amazon EBS volumes are encrypted and optionally are encrypted with a specified KMS key. The rule is NON_COMPLIANT if attached EBS volumes are unencrypted or are encrypted