1. Answers
  2. Enabling AWS EBS Encryption by Default

How do I enable AWS EBS encryption by default?

To enable AWS EBS encryption by default using Pulumi, we need to configure the aws.ebs.EncryptionByDefault resource. This will ensure that all new EBS volumes created in your AWS account are encrypted by default.

The following Pulumi program demonstrates how to achieve this:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Enable EBS encryption by default
const ebsEncryptionByDefault = new aws.ebs.EncryptionByDefault("ebsEncryptionByDefault", {
    enabled: true,
});

// Export the status of EBS encryption by default
export const encryptionEnabled = ebsEncryptionByDefault.enabled;

Key Points

  • The aws.ebs.EncryptionByDefault resource is used to enable or disable EBS encryption by default in your AWS account.
  • Setting the enabled property to true ensures that all new EBS volumes are encrypted by default.
  • We export the enabled status to verify that the setting has been applied.

Summary

In this example, we configured AWS EBS encryption by default using the aws.ebs.EncryptionByDefault resource in Pulumi. This ensures that all new EBS volumes created in your AWS account are encrypted, enhancing the security of your data.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up