Example IAM Policy to Enforce EBS encryption


Here is a useful IAM conditional policy which forces EBS volumes to be encrypted when they are created by EC2 instances.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt2222222222222",
      "Effect": "Allow",
      "Action": [
        "ec2:CreateVolume"
      ],
      "Condition": {
        "Bool": {
          "ec2:Encrypted": "true"
        }
      },
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "Stmt1111111111111",
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVolumes",
        "ec2:DescribeAvailabilityZones",
        "ec2:CreateTags",
        "kms:ListAliases"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Sid": "allowKmsKey",
      "Effect": "Allow",
      "Action": [
        "kms:Encrypt"
      ],
      "Resource": [
        "arn:aws:kms:us-east-1:999999999999:alias/aws/ebs"
      ]
    }
  ]
}
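The first statement is an Allow with a condition, so it grants ec2:CreateVolume only when the request context carries ec2:Encrypted = true; a request for an unencrypted volume simply matches no Allow statement and falls through to the implicit deny. That holds only while this is the sole policy granting the action: if another policy attached to the same principal grants ec2:CreateVolume without the condition, the unencrypted request is allowed. The toy evaluator below is an added example (not the page's or AWS's code) that models just enough of IAM's evaluation logic, explicit Deny over Allow over implicit deny and the Bool condition operator, to walk through the page's policy against constructed requests. BROAD_EC2_POLICY and DENY_UNENCRYPTED_POLICY are constructed for the example; the Deny statement is the usual complement that keeps the requirement in force regardless of what other policies grant.

```python
"""Toy IAM evaluator for the EBS-encryption policy on this page.

Added example, not AWS code. It models three rules: an explicit Deny wins,
otherwise any matching Allow wins, otherwise the request is implicitly denied.
Only the "Bool" condition operator is implemented; a condition key that is
missing from the request context never satisfies a Bool condition.
"""
import fnmatch

# The policy as it appears on the page (account id and region are the page's own).
EBS_ALLOW_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Stmt2222222222222", "Effect": "Allow",
         "Action": ["ec2:CreateVolume"],
         "Condition": {"Bool": {"ec2:Encrypted": "true"}},
         "Resource": ["*"]},
        {"Sid": "Stmt1111111111111", "Effect": "Allow",
         "Action": ["ec2:DescribeVolumes", "ec2:DescribeAvailabilityZones",
                    "ec2:CreateTags", "kms:ListAliases"],
         "Resource": ["*"]},
        {"Sid": "allowKmsKey", "Effect": "Allow",
         "Action": ["kms:Encrypt"],
         "Resource": ["arn:aws:kms:us-east-1:999999999999:alias/aws/ebs"]},
    ],
}

# Constructed for the example: a broad EC2 policy that might also be attached
# to the same role, with no encryption condition at all.
BROAD_EC2_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*"], "Resource": ["*"]}],
}

# Constructed for the example: an explicit Deny that blocks unencrypted volumes
# no matter which other policy grants ec2:CreateVolume.
DENY_UNENCRYPTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "DenyUnencryptedEbs", "Effect": "Deny",
                   "Action": ["ec2:CreateVolume"], "Resource": ["*"],
                   "Condition": {"Bool": {"ec2:Encrypted": "false"}}}],
}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """True if every Bool condition key in the block matches the request context."""
    for operator, pairs in condition.items():
        if operator != "Bool":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in pairs.items():
            if key not in context:          # missing key: condition is not met
                return False
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def _statement_applies(stmt, action, resource, context):
    """A statement applies when action, resource and condition all match."""
    action_ok = any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
    resource_ok = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_ok and resource_ok and _condition_matches(stmt.get("Condition", {}), context)


def evaluate(policies, action, resource, context):
    """Return 'Allow', 'Deny' or 'ImplicitDeny' for one request across all policies."""
    decision = "ImplicitDeny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if not _statement_applies(stmt, action, resource, context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"               # an explicit Deny always wins
            decision = "Allow"
    return decision


if __name__ == "__main__":
    create = "ec2:CreateVolume"
    # Constructed volume ARN for the requests below.
    vol = "arn:aws:ec2:us-east-1:999999999999:volume/vol-0123456789abcdef0"
    page_only = [EBS_ALLOW_POLICY]
    with_broad = [EBS_ALLOW_POLICY, BROAD_EC2_POLICY]
    with_deny = with_broad + [DENY_UNENCRYPTED_POLICY]
    for ctx in ({"ec2:Encrypted": "true"}, {"ec2:Encrypted": "false"}, {}):
        print(f"{ctx!s:28} page policy only: {evaluate(page_only, create, vol, ctx):13}"
              f" + broad ec2:*: {evaluate(with_broad, create, vol, ctx):13}"
              f" + explicit Deny: {evaluate(with_deny, create, vol, ctx)}")
```

Run on its own, the script shows the three outcomes side by side: with the page's policy alone, only the encrypted request is allowed; once a broad ec2:* Allow is added, the unencrypted request is allowed too; with the explicit Deny in place it is denied again while the encrypted request still succeeds. The empty-context row also shows why a Deny keyed on ec2:Encrypted = false does not fire when the key is absent from the context, which is the case the Null condition operator exists for.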
