My question is: What is the simplest way to list which attached disks are encrypted (and which not) on AWS?
aws ec2 describe-volumes --region --filter "Name=encrypted,Values=false" --query "length(Volumes)"
length will return the length of the array
Volumes flattened by the selection operator
 (more details on JMESPath documentation).
As we filter the slection for non encrypted volumes (
"Name=encrypted,Values=false") this should allow to
demonstrate to the auditor the number is 0 not encrypted
Same filter can be applied in the console, in the ec2 page,
under 'Elastic Block Store' => 'Volumes', type
Not Encrypted to filter the view to non encrypted volumes
only. you may add
Attachment Status : Attached to list
only attached volumes.