All Products
Search
Document Center

Elastic Compute Service:EnableDiskEncryptionByDefault

Last Updated:Dec 17, 2024

Enables the Account-level Elastic Block Storage (EBS) Default Encryption feature in a region.

Operation description

Note The Account-level EBS Default Encryption feature is available only in specific regions and to specific users. To use Account-level EBS Default Encryption, submit a ticket.
  • Precautions

    • Only Alibaba Cloud accounts can call this operation.
    • Before you can enable the Account-level EBS Default Encryption feature in a region, you must activate Key Management Service (KMS) in the region.
    • After you enable the Account-level EBS Default Encryption feature in a region, you can purchase only encrypted cloud disks in the region. For more information, see the Limits section of the "Encrypt cloud disks" topic.
  • Considerations

    • After you enable the Account-level EBS Default Encryption feature in a region, new pay-as-you-go and subscription cloud disks in the region must be encrypted. You can use the KMS key configured for the Account-level EBS Default Encryption feature or specify other KMS keys to encrypt the cloud disks.
    • The first time you enable the Account-level EBS Default Encryption feature in a region, the service key in the region is automatically used to encrypt EBS resources.
  • Suggestions

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

ParameterTypeRequiredDescriptionExample
RegionIdstringYes

The region ID. You can call the DescribeRegions operation to query the most recent region list.

cn-hangzhou

Response parameters

ParameterTypeDescriptionExample
object

The response parameters.

RequestIdstring

The request ID.

473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E

Examples

Sample success responses

JSONformat

{
  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"
}

Error codes

HTTP status codeError codeError messageDescription
400InvalidParameter.KMSKeyId.CMKNotEnabledThe CMK needs to be enabled.The customer master key (CMK) is not enabled when KMSKeyId is specified for an encrypted disk. You can call the DescribeKey operation of KMS to query information about the specified CMK.
400InvalidParameter.Encrypted.KmsNotEnabledKMS must be enabled for encrypted disks.KMS is not activated. You must activate KMS before you can encrypt disks.
403Abs.InvalidAction.RegionNotSupportThis region does not support this action.The operation is not supported in the region.
403InvalidOperation.DefaultEncryptionAlreadyEnabledThe specified region is already default encryption settings.The region has enabled cloud disk encryption by default.
403InvalidParameter.RegionIdNotExistsThe specified region does not exists.The region does not exist.
403InvalidParameter.KMSKeyId.KMSUnauthorizedECS service have no right to access your KMS.ECS is not authorized to access your KMS resources.
403InvalidParameter.KMSKeyId.CMKUnauthorizedThe CMK needs to be added ECS tag.-
403InvalidOperation.KMSKeyIdNotFoundThe specified KMSKeyId not found, %s.The associated KMS encryption key cannot be found. Verify that the KMS encryption key is valid.
403InvalidOperation.KMSServiceNotOpenKMS service is currently not open.The KMS service has not been enabled.
403UserNotInTheWhiteListThe user is not in disk white list.You are not authorized to manage the disk. Try again when you are authorized.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2024-12-02The Error code has changedView Change Details