What is the simplest way to list which attached disks are encrypted (and which not) on AWS?



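Auditors have asked us to prove that we have encrypted all disks on our AWS EC2 VPC. I would like a way to list all the disks and whether they are encrypted or not.

I know I could use the AWS API (or CLI), but I am looking for a simpler way than that, hopefully via the console.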

My question is: What is the simplest way to list which attached disks are encrypted (and which not) on AWS?

2 answers in total:

To get the number of unencrypted volumes, you can run the following command:

aws ec2 describe-volumes --region <region> --filter "Name=encrypted,Values=false" --query "length(Volumes[])"

length will return the length of the array Volumes flattened by the selection operator [] (more details in the JMESPath documentation).
As we filter the selection for non-encrypted volumes (--filter "Name=encrypted,Values=false"), this should allow you to demonstrate to the auditor that the number of not encrypted volumes is 0.

The same filter can be applied in the console: in the EC2 page, under 'Elastic Block Store' => 'Volumes', type Encrypted : Not Encrypted to filter the view to non-encrypted volumes only. You may add Attachment Status : Attached to list only attached volumes.

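According to this documentation, you can run a command like:

aws ec2 describe-volumes --region us-east-1

(feel free to set the region you use) and search the JSON output for the field named "encrypted".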
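
Added example, not part of either answer: for audit evidence that lists each attached volume rather than only a count, this Python script reads saved `aws ec2 describe-volumes` JSON output and reports the encryption flag per attachment. The sample data and the function names are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `aws ec2 describe-volumes` output (made-up IDs).
SAMPLE = """{"Volumes": [
 {"VolumeId": "vol-0aaa", "Encrypted": true,
  "Attachments": [{"InstanceId": "i-0111", "Device": "/dev/xvda", "State": "attached"}]},
 {"VolumeId": "vol-0bbb", "Encrypted": false,
  "Attachments": [{"InstanceId": "i-0111", "Device": "/dev/sdf", "State": "attached"}]},
 {"VolumeId": "vol-0ccc", "Encrypted": false, "Attachments": []},
 {"VolumeId": "vol-0ddd", "Encrypted": true,
  "Attachments": [{"InstanceId": "i-0222", "Device": "/dev/sdg", "State": "attached"},
                  {"InstanceId": "i-0333", "Device": "/dev/sdg", "State": "attached"}]}
]}"""


def attached_volume_report(describe_volumes_json):
    """One row per (volume, attachment), attached volumes only, unencrypted first."""
    rows = []
    for vol in json.loads(describe_volumes_json).get("Volumes", []):
        for att in vol.get("Attachments", []):
            if att.get("State") != "attached":
                continue  # skip attaching/detaching entries
            rows.append({
                "volume": vol["VolumeId"],
                "instance": att.get("InstanceId", ""),
                "device": att.get("Device", ""),
                # A missing flag counts as unencrypted so gaps surface in the audit.
                "encrypted": bool(vol.get("Encrypted", False)),
            })
    return sorted(rows, key=lambda r: (r["encrypted"], r["volume"], r["instance"]))


def unencrypted_attached(rows):
    """Deduplicated IDs of volumes that are attached and not encrypted."""
    return sorted({r["volume"] for r in rows if not r["encrypted"]})


def main(argv):
    # With a file argument, read saved CLI output; otherwise use the sample.
    text = open(argv[1]).read() if len(argv) > 1 else SAMPLE
    rows = attached_volume_report(text)
    for r in rows:
        status = "encrypted" if r["encrypted"] else "NOT ENCRYPTED"
        print(f'{r["volume"]}\t{r["instance"]}\t{r["device"]}\t{status}')
    return 1 if unencrypted_attached(rows) else 0  # non-zero exit on a finding


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Save the CLI output with `aws ec2 describe-volumes --region <region> > volumes.json` and pass the file name as the first argument; the exit status is non-zero when any attached volume is unencrypted.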