
An auditor is asking for proof that we've encrypted all the disks on our AWS EC2 VPC. I'd like a way to list all the disks and whether they're encrypted or not.

I know I can build a report with the AWS API (or the CLI) - but I was looking for a simpler approach than that, hopefully with the console.

My question is: What is the simplest way to list which attached disks are encrypted (and which not) on AWS?

hawkeye

2 Answers


To get the number of non-encrypted volumes you can run this command:

aws ec2 describe-volumes --region <your_region> --filter "Name=encrypted,Values=false" --query "length(Volumes[])"

length will return the length of the array Volumes flattened by the selection operator [] (more details in the JMESPath documentation).
As we filter the selection for non-encrypted volumes (--filter "Name=encrypted,Values=false"), this should allow you to demonstrate to the auditor that the number of non-encrypted volumes is 0.

The same filter can be applied in the console: in the EC2 page, under 'Elastic Block Store' => 'Volumes', type Encrypted : Not Encrypted to filter the view to non-encrypted volumes only. You may add Attachment Status : Attached to list only attached volumes.

Tensibai
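The CLI query above only yields a count; an auditor usually also wants the per-volume list, restricted to attached volumes as the console filter does. The script below is an added example (not from the answer): it parses describe-volumes JSON and prints one line per volume plus the unencrypted count. The embedded JSON is a constructed sample in the shape of `aws ec2 describe-volumes` output, with made-up volume and instance IDs.

```python
import json
import sys

# Constructed sample in the shape of `aws ec2 describe-volumes` JSON output
# (volume and instance IDs are made up for this example).
SAMPLE_DESCRIBE_VOLUMES = """{
  "Volumes": [
    {"VolumeId": "vol-0aaa0001", "Encrypted": true,  "State": "in-use",
     "Attachments": [{"InstanceId": "i-0111", "State": "attached", "Device": "/dev/xvda"}]},
    {"VolumeId": "vol-0bbb0002", "Encrypted": false, "State": "in-use",
     "Attachments": [{"InstanceId": "i-0222", "State": "attached", "Device": "/dev/sdf"}]},
    {"VolumeId": "vol-0ccc0003", "Encrypted": false, "State": "available",
     "Attachments": []}
  ]
}"""


def volume_report(describe_volumes_json, attached_only=False):
    """One row per volume: (VolumeId, Encrypted, list of attached instance IDs).

    attached_only mirrors the console filter 'Attachment Status : Attached':
    volumes without an attachment in state 'attached' are left out.
    """
    data = json.loads(describe_volumes_json)
    rows = []
    for vol in data.get("Volumes", []):
        instances = [a["InstanceId"] for a in vol.get("Attachments", [])
                     if a.get("State") == "attached"]
        if attached_only and not instances:
            continue
        rows.append((vol["VolumeId"], bool(vol.get("Encrypted", False)), instances))
    return rows


def count_unencrypted(describe_volumes_json, attached_only=False):
    """Same figure as the --query "length(Volumes[])" count, optionally attached-only."""
    return sum(1 for _, encrypted, _ in
               volume_report(describe_volumes_json, attached_only) if not encrypted)


if __name__ == "__main__":
    # Real use: aws ec2 describe-volumes --region <region> | python3 report.py -
    raw = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_DESCRIBE_VOLUMES
    for vol_id, encrypted, instances in volume_report(raw):
        print(f"{vol_id}\t{'encrypted' if encrypted else 'NOT ENCRYPTED'}\t"
              f"{','.join(instances) or '(unattached)'}")
    print(f"unencrypted volumes: {count_unencrypted(raw)} "
          f"(attached only: {count_unencrypted(raw, attached_only=True)})")
```

Run it without arguments to see the sample report, or pipe the real CLI output in with `-` as the argument.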

According to this document you can run a command like:

aws ec2 describe-volumes --region us-east-1

(feel free to set the region you use) and search the JSON output for the field named "encrypted".

Romeo Ninov