
An auditor is asking for proof that we've encrypted all the disks on our AWS EC2 VPC. I'd like a way to list all the disks and whether they're encrypted or not.

I know I can build a report with the AWS API (or the CLI) - but I was looking for a simpler approach than that, hopefully with the console.

My question is: What is the simplest way to list which attached disks are encrypted (and which not) on AWS?

hawkeye
  • A dirty implementation would be pulling that data from the response of a simple awscli describe-volumes command – Dawny33 May 16 '17 at 11:15
  • thanks @Dawny33 - could you expand on that? Would it be specific to attached volumes? – hawkeye May 16 '17 at 11:38

2 Answers

2

To get the number of non encrypted volumes you can run this command:

aws ec2 describe-volumes --region <your_region> --filter "Name=encrypted,Values=false" --query "length(Volumes[])"

length will return the length of the array Volumes flattened by the selection operator [] (more details in the JMESPath documentation).
As we filter the selection for non-encrypted volumes (--filter "Name=encrypted,Values=false"), this should allow you to demonstrate to the auditor that the number of non-encrypted volumes is 0.

The same filter can be applied in the console: in the EC2 page, under 'Elastic Block Store' => 'Volumes', type Encrypted : Not Encrypted to filter the view to non-encrypted volumes only. You may add Attachment Status : Attached to list only attached volumes.

Tensibai
0

According to this document you can run a command like:

aws ec2 describe-volumes --region us-east-1

(feel free to set the region you use) and search for the field named "encrypted" in the JSON output.

Romeo Ninov
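Both answers leave you with the raw describe-volumes JSON; as an added example (not from either answer), this script turns that output into the per-volume report the question asks for, giving the auditor both the list and the counts. The embedded sample follows the describe-volumes output shape, but its volume and instance IDs are constructed.

```python
import json
import sys
from collections import Counter

# Constructed sample in the shape of `aws ec2 describe-volumes` JSON output.
# The IDs are made up; pipe real output into the script to replace it.
SAMPLE_DESCRIBE_VOLUMES = """
{
  "Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": true,  "State": "in-use",
     "Attachments": [{"InstanceId": "i-0111", "State": "attached", "Device": "/dev/xvda"}]},
    {"VolumeId": "vol-0bbb", "Encrypted": false, "State": "in-use",
     "Attachments": [{"InstanceId": "i-0222", "State": "attached", "Device": "/dev/sdf"}]},
    {"VolumeId": "vol-0ccc", "Encrypted": false, "State": "available",
     "Attachments": []}
  ]
}
"""

def volume_rows(describe_volumes_json):
    """Flatten describe-volumes output into one row per volume with its encryption and attachment state."""
    rows = []
    for vol in json.loads(describe_volumes_json)["Volumes"]:
        attached = [a for a in vol.get("Attachments", []) if a.get("State") == "attached"]
        rows.append({
            "volume_id": vol["VolumeId"],
            "encrypted": bool(vol.get("Encrypted", False)),   # the field Romeo's answer points at
            "attached": bool(attached),
            "instance_id": attached[0]["InstanceId"] if attached else None,
        })
    return rows

def unencrypted_volumes(describe_volumes_json, attached_only=False):
    """IDs of volumes with Encrypted=false; attached_only mirrors the console's Attachment Status filter."""
    return [r["volume_id"] for r in volume_rows(describe_volumes_json)
            if not r["encrypted"] and (r["attached"] or not attached_only)]

def summary(describe_volumes_json):
    """Counts matching the --query "length(Volumes[])" approach, for both values of the encrypted filter."""
    c = Counter("encrypted" if r["encrypted"] else "unencrypted" for r in volume_rows(describe_volumes_json))
    return {"encrypted": c["encrypted"], "unencrypted": c["unencrypted"]}

if __name__ == "__main__":
    # Use real output when piped in (aws ec2 describe-volumes --region <r> | python3 report.py).
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_VOLUMES
    for r in volume_rows(data):
        print(f"{r['volume_id']}  encrypted={r['encrypted']}  attached={r['attached']}  instance={r['instance_id']}")
    print("summary:", summary(data))
    print("unencrypted attached volumes:", unencrypted_volumes(data, attached_only=True))
```

The auditor's evidence is the summary showing unencrypted = 0 together with an empty unencrypted list; an unattached unencrypted volume still shows up in the unfiltered list, which the console's Attachment Status filter would hide.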