SecurityConfig / CentralSecurityServicesConfig / EbsDefaultVolumeEncryptionConfig

AWS EBS default encryption configuration.

Description

Use this configuration to enable enforced encryption of new EBS volumes and snapshots created in an AWS environment.

Example

Deployment targets:

ebsDefaultVolumeEncryption:
enable: true
kmsKey: ExampleKey
deploymentTargets:
organizationalUnits:
- Workloads

Excluded regions:

ebsDefaultVolumeEncryption:
enable: true
kmsKey: ExampleKey
excludeRegions: []

Hierarchy

  • EbsDefaultVolumeEncryptionConfig

Implements

Constructors

Properties

deploymentTargets?: DeploymentTargets

(OPTIONAL) Deployment targets for EBS default volume encryption

Remarks

You can limit the OUs, accounts, and regions that EBS default volume encryption is deployed to. Please only specify one of the deploymentTargets or excludeRegions properties. deploymentTargets allows you to be more granular about where default EBS volume encryption is enabled across your environment.

See

DeploymentTargets

enable: false = false

Indicates whether AWS EBS volume have default encryption enabled.

excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-south-2" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-central-2" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4" | "il-central-1" | "ca-west-1")[] = []

(OPTIONAL) List of AWS Region names to be excluded from configuring AWS EBS volume default encryption

kmsKey: undefined | string = undefined

(OPTIONAL) KMS key to encrypt EBS volume.

Remarks

Note: When no value is provided Landing Zone Accelerator will create the KMS key.

Generated using TypeDoc