Enable Default Encryption for EBS (Worldwide)
source link: https://zoph.me/posts/2019-06-10-ebs-default-encryption/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Enable Default Encryption for EBS (Worldwide)
Following the announced new opt-in option regarding the default encryption of EBS Volumes a few days ago, I’ve made a small python script to enable this feature on all AWS regions within an AWS Account. Quick and Dirty Simple.
This is an example, use it at your own risk, and test it before applying to production, as usual :)
import boto3
AWS_REGION = 'eu-west-1'
session = boto3.Session(region_name=AWS_REGION)
ec2 = session.client('ec2')
def main(event, context):
ec2_regions = [region['RegionName'] for region in ec2.describe_regions()['Regions']]
# For all AWS Regions
for region in ec2_regions:
conn = boto3.client('ec2', region_name=region)
print ("Checking AWS Region: " + region)
status = conn.get_ebs_encryption_by_default()
print ("===="*10)
result = status["EbsEncryptionByDefault"]
if result == True:
print ("Activated, nothing to do")
else:
print("Not activated, activation in progress")
conn.enable_ebs_encryption_by_default()
if __name__ == '__main__':
main(0,0)
That’s all folks!
zoph.
ebsencryptionsecurityawsautomationinfosec
133 Words
2019-06-10 11:37 +0000
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK