Checks whether the encryption feature is enabled for each Elastic Compute Service (ECS) system disk. If so, the evaluation result is Compliant.
Scenarios
You can enable the encryption feature for each ECS system disk to improve data security. This helps you meet security and regulatory requirements.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
- If the encryption feature is enabled for each ECS system disk, the evaluation result is Compliant.
- If the encryption feature is disabled for an ECS system disk, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see Incompliance remediation.
- This rule does not apply to ECS data disks.
Rule details
| Item | Description |
|---|---|
| Rule name | ecs-system-disk-encrypted |
| Rule identifier | ecs-system-disk-encrypted |
| Tag | ECS and Disk |
| Automatic remediation | Not supported |
| Trigger type | Configuration change |
| Supported resource type | ECS disk |
| Input parameter | None. |
Incompliance remediation
Enable the encryption feature for an ECS system disk. For more information, see Encrypt a system disk.