1. Answers
  2. Deploy AWS EBS Encryption by Default

How do I deploy AWS EBS encryption by default?

To enable EBS encryption by default, you’ll use AWS Account Settings. This configuration ensures that all EBS volumes created in your account are encrypted by default without needing to specify encryption each time.

Here’s a step-by-step guide to achieve this:

  1. AWS Provider: We need to configure the AWS provider, which will let us interact with AWS resources.
  2. EBS Encryption by Default: Enable the default encryption setting for EBS volumes.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const _default = new aws.ebs.EncryptionByDefault("default", {enabled: true});
export const ebsEncryptionByDefaultArn = _default.id;

Summary

In this example, we configured the AWS provider and enabled EBS volume encryption by default using aws_ebs_encryption_by_default. This ensures that all newly created EBS volumes in the specified region are encrypted automatically.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up