Readonly
deployment(OPTIONAL) Deployment targets for EBS default volume encryption
You can limit the OUs, accounts, and regions that EBS default volume encryption is deployed to. Please
only specify one of the deploymentTargets
or excludeRegions
properties. deploymentTargets
allows you
to be more granular about where default EBS volume encryption is enabled across your environment.
Readonly
enableIndicates whether AWS EBS volume have default encryption enabled.
Readonly
exclude(OPTIONAL) List of AWS Region names to be excluded from configuring AWS EBS volume default encryption
Using this property limits deployment of default EBS volume encryption for an entire enabled region. For more
granularity, please use the deploymentTargets
property instead. Do not specify both excludeRegions
and deploymentTargets
.
Readonly
kms(OPTIONAL) KMS key to encrypt EBS volume.
Note: When no value is provided Landing Zone Accelerator will create the KMS key.
Generated using TypeDoc
SecurityConfig / CentralSecurityServicesConfig / EbsDefaultVolumeEncryptionConfig
AWS EBS default encryption configuration. Use this configuration to enable enforced encryption of new EBS volumes and snapshots created in an AWS environment.
Example
Deployment targets:
Excluded regions: