SecurityConfig / CentralSecurityServicesConfig / EbsDefaultVolumeEncryptionConfig

AWS EBS default encryption configuration. Use this configuration to enable enforced encryption of new EBS volumes and snapshots created in an AWS environment.

Example

Deployment targets:

ebsDefaultVolumeEncryption:
  enable: true
  kmsKey: ExampleKey
  deploymentTargets:
    organizationalUnits:
      - Workloads

Excluded regions:

ebsDefaultVolumeEncryption:
  enable: true
  kmsKey: ExampleKey
  excludeRegions: []

Hierarchy

  • EbsDefaultVolumeEncryptionConfig

Properties

deploymentTargets: undefined | DeploymentTargets = undefined

(OPTIONAL) Deployment targets for EBS default volume encryption

Remarks

You can limit the OUs, accounts, and regions that EBS default volume encryption is deployed to. Please only specify one of the deploymentTargets or excludeRegions properties. deploymentTargets allows you to be more granular about where default EBS volume encryption is enabled across your environment.

See

DeploymentTargets

enable: false = false

Indicates whether default encryption is enabled for AWS EBS volumes.

excludeRegions: string[] = []

(OPTIONAL) List of AWS Region names to be excluded from configuring AWS EBS volume default encryption

Remarks

Using this property limits deployment of default EBS volume encryption for an entire enabled region. For more granularity, please use the deploymentTargets property instead. Do not specify both excludeRegions and deploymentTargets.

kmsKey: undefined | string = undefined

(OPTIONAL) KMS key used to encrypt EBS volumes.

Remarks

Note: When no value is provided Landing Zone Accelerator will create the KMS key.
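The remarks above say to specify only one of deploymentTargets or excludeRegions. The following is an added example, not Landing Zone Accelerator's own validation code: a pre-deployment lint for a parsed ebsDefaultVolumeEncryption block that flags the conflict and lists the enabled regions an exclusion leaves without default encryption. The function name, the enabledRegions parameter, and the treatment of an empty excludeRegions list as "not specified" are assumptions.

```typescript
// Added example, not LZA's own validation code. Field names are taken from the page.
interface EbsDefaultEncryption {
  enable: boolean;
  kmsKey?: string;
  deploymentTargets?: { organizationalUnits?: string[] };
  excludeRegions?: string[];
}
interface LintResult {
  errors: string[];
  warnings: string[];
  unencryptedRegions: string[]; // enabled regions left without default encryption
}

// enabledRegions (hypothetical parameter): regions the environment deploys to.
function lintEbsDefaultEncryption(cfg: EbsDefaultEncryption, enabledRegions: string[]): LintResult {
  const errors: string[] = [];
  const warnings: string[] = [];
  const excluded = cfg.excludeRegions || [];
  if (!cfg.enable) {
    warnings.push("enable is false: new EBS volumes are not encrypted by default");
    return { errors, warnings, unencryptedRegions: enabledRegions.slice() };
  }
  // Assumption: an empty excludeRegions list (the default) counts as "not specified".
  if (cfg.deploymentTargets !== undefined && excluded.length > 0) {
    errors.push("specify only one of deploymentTargets or excludeRegions");
  }
  // An excluded name that is not an enabled region is most likely a typo.
  const unknown = excluded.filter((r) => enabledRegions.indexOf(r) === -1);
  if (unknown.length > 0) {
    errors.push("excludeRegions has names that are not enabled regions: " + unknown.join(", "));
  }
  const unencryptedRegions = enabledRegions.filter((r) => excluded.indexOf(r) !== -1);
  if (unencryptedRegions.length > 0) {
    warnings.push("no default encryption in: " + unencryptedRegions.join(", "));
  }
  if (cfg.kmsKey === undefined) {
    warnings.push("kmsKey not set: Landing Zone Accelerator will create the KMS key");
  }
  return { errors, warnings, unencryptedRegions };
}

// Constructed sample: both properties set, plus a misspelled region name.
const sample: EbsDefaultEncryption = {
  enable: true,
  kmsKey: "ExampleKey",
  deploymentTargets: { organizationalUnits: ["Workloads"] },
  excludeRegions: ["us-west-2", "eu-wset-1"],
};
const sampleResult = lintEbsDefaultEncryption(sample, ["us-east-1", "us-west-2", "eu-west-1"]);
```

For the constructed sample, sampleResult carries two errors (the property conflict and the unknown name eu-wset-1) and reports us-west-2 as a region without default encryption.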
