amazon-web-services encryption amazon-ec2 aws-cloudformation aws-control-tower

AWS Enable EBS Encryption via cloudformation

Is there a way to create a cloudformation script which enables EBS encryption by default for all organizations? There is a aws config rule for this what I am looking for a remediation for this config rule. https://docs.aws.amazon.com/controltower/latest/userguide/strongly-recommended-guardrails.html#ebs-enable-encryption

Solution

This is currently not possible via CloudFormation. https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/158

Alternatively, you can enforce the policy that only encrypted EBS volumes can be created or attached by adding the following IAM policy statement:

{
  "Sid": "DenyAnythingRelatedToUnencryptedVolume",
  "Effect": "Deny",
  "Action": [
    "ec2:*"
  ],
  "Condition": {
    "Bool": {
      "ec2:Encrypted": "false"
    }
  },
  "Resource": "*"
}

Get single-line json from aws cli
Automatically "stop" Sagemaker notebook instance after inactivity?
AWS Cloudwatch alarm not returning to OK state even though data looks fine
Windows & Linux living together in Kubernetes cluster
AWS CDK for .NET Core hangs at "ApplicationLoadBalancedFargateService" Task
how to add cache control in AWS S3?
AWS Lambda Open Telemetry, Missing Parent Span
API Gateway Custom Authorizer: Control error message and code
VSCode JSON to YAML auto conversion on save
How to add multiple columns in AWS redshift with alter table query
Retrieve one file from AWS Glacier using cli
Email address is not verified (AWS SES)
Terraform - s3 static website wont deploy, telling me I dont have permissions when I do
How to Add Private Subnets with Designated IP Addresses When Creating a VPC Interface Endpoint in AWS CDK
SpringBoot fails to deploy after adding .ebextensions for ngingx SSL -[An error occurred during execution of command [app-deploy]]
What does 0.0.0.0/0 and ::/0 mean?
How to query dynamoDB based on key + attribute?
Getting "No AWS accounts are available to you" when using aws configure sso
Terraform directory Structure for common infrastructure on aws for ADO pipeline
Mysterious TransactionConflict in TransactionCanceledException
Cloudwatch VPC interface endpoint times out
AWS s3 V3 Javascript SDK stream file from bucket (GetObjectCommand)
How to bypass expectation of S3 server 100-contiune response in Boto3 put_object method
Disabling AWS X-ray in FastAPI Lambda application
Cannot Connect To AWS Elasticache Redis Cluster From Local Machine
How do i access AWS SAM-CLI through bash on windows?
Reporting AWS Tools RDS or Redshift?
What does "eksctl create iamserviceaccount" do under the hood on an EKS cluster?
Configure Selenium Nodes without a JSON file
Is there a CLI command on Azure to see console messages of a VM that is not booting up?