What is the simplest way to list which attached disks are encrypted (and which not) on AWS?
Problem
An auditor is asking for proof that we've encrypted all the disks on our AWS EC2 VPC. I'd like a way to list all the disks and whether they're encrypted or not.
I know I can build a report with the AWS API (or the CLI) - but I was looking for a simpler approach than that, hopefully with the console.
My question is: What is the simplest way to list which attached disks are encrypted (and which not) on AWS?
Solution
To get the number of non-encrypted volumes you can run this command:
aws ec2 describe-volumes --region <your_region> --filter "Name=encrypted,Values=false" --query "length(Volumes[])"
length will return the length of the array Volumes flattened by the selection operator [] (more details in the JMESPath documentation).
As we filter the selection for non-encrypted volumes (--filter "Name=encrypted,Values=false"), this should allow you to demonstrate to the auditor that the number of non-encrypted volumes is 0.
The same filter can be applied in the console: on the EC2 page, under 'Elastic Block Store' => 'Volumes', type Encrypted : Not Encrypted to filter the view to non-encrypted volumes only. You may add Attachment Status : Attached to list only attached volumes.
Code Snippets
aws ec2 describe-volumes --region <your_region> --filter "Name=encrypted,Values=false" --query "length(Volumes[])"
Context
StackExchange DevOps Q#1169, answer score: 2
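The answer above returns a count; the following added example (not part of the original answer) goes one step further and builds the per-volume list the question asks for. It assumes the output of `aws ec2 describe-volumes --region <your_region> --output json` has been saved to a file; the function names, the file name `volumes.json` and every ID in the sample are constructed for illustration.

```python
import json
import sys
from pathlib import Path

# Constructed sample shaped like `aws ec2 describe-volumes --output json`;
# every ID and the key ARN below are made up for illustration.
KEY = "arn:aws:kms:us-east-1:111122223333:key/example"
SAMPLE = {"Volumes": [
    {"VolumeId": "vol-0a1", "Encrypted": True, "KmsKeyId": KEY,
     "Attachments": [{"InstanceId": "i-0aa", "Device": "/dev/xvda", "State": "attached"}]},
    {"VolumeId": "vol-0b2", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-0aa", "Device": "/dev/sdf", "State": "attached"}]},
    # Multi-attach volume: reported once per instance it is attached to.
    {"VolumeId": "vol-0c3", "Encrypted": True, "KmsKeyId": KEY,
     "Attachments": [{"InstanceId": "i-0bb", "Device": "/dev/sdg", "State": "attached"},
                     {"InstanceId": "i-0cc", "Device": "/dev/sdg", "State": "attached"}]},
    # Unattached and mid-detach volumes fall outside "attached disks".
    {"VolumeId": "vol-0d4", "Encrypted": False, "Attachments": []},
    {"VolumeId": "vol-0e5", "Encrypted": False,
     "Attachments": [{"InstanceId": "i-0cc", "Device": "/dev/sdh", "State": "detaching"}]},
]}

def audit(doc):
    """One row per (volume, instance) attachment whose state is 'attached'."""
    rows = []
    for vol in doc.get("Volumes", []):
        for att in vol.get("Attachments", []):
            if att.get("State") != "attached":
                continue
            rows.append({"volume": vol["VolumeId"],
                         "instance": att.get("InstanceId", "-"),
                         "device": att.get("Device", "-"),
                         "encrypted": bool(vol.get("Encrypted", False)),
                         "kms_key": vol.get("KmsKeyId", "-")})
    # Unencrypted rows first, so findings lead the report.
    return sorted(rows, key=lambda r: (r["encrypted"], r["volume"], r["instance"]))

def unencrypted(rows):
    """IDs of attached volumes that are not encrypted (the audit wants none)."""
    return sorted({r["volume"] for r in rows if not r["encrypted"]})

if __name__ == "__main__":
    # Usage: python3 report.py volumes.json  (no argument: use the sample)
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    rows = audit(doc)
    for r in rows:
        flag = "ENCRYPTED" if r["encrypted"] else "NOT-ENCRYPTED"
        print(r["volume"], r["instance"], r["device"], flag, r["kms_key"], sep="\t")
    print("attached volumes not encrypted:", len(unencrypted(rows)))
```

Run it once per region, since `describe-volumes` only returns volumes for the region it is called against.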