SecurityConfig / CentralSecurityServicesConfig / EbsDefaultVolumeEncryptionConfig

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default | AWS EBS default encryption configuration Use this configuration to enable enforced encryption of new EBS volumes and snapshots created in an AWS environment.

Example

ebsDefaultVolumeEncryption:
enable: true
kmsKey: ExampleKey
excludeRegions: []

Hierarchy

  • EbsDefaultVolumeEncryptionConfig

Implements

Constructors

Properties

Constructors

Properties

enable: false = false

Indicates whether AWS EBS volume have default encryption enabled.

excludeRegions: ("af-south-1" | "ap-east-1" | "ap-south-1" | "ap-southeast-1" | "ap-southeast-2" | "ap-southeast-3" | "ap-northeast-1" | "ap-northeast-2" | "ap-northeast-3" | "ca-central-1" | "eu-central-1" | "eu-west-1" | "eu-west-2" | "eu-west-3" | "eu-north-1" | "eu-south-1" | "eu-south-2" | "me-central-1" | "me-south-1" | "sa-east-1" | "us-east-1" | "us-east-2" | "us-west-1" | "us-west-2" | "cn-north-1" | "cn-northwest-1" | "eu-central-2" | "ap-south-2" | "us-gov-west-1" | "us-gov-east-1" | "us-iso-east-1" | "us-iso-west-1" | "us-isob-east-1" | "ap-southeast-4")[] = []

(OPTIONAL) List of AWS Region names to be excluded from configuring AWS EBS volume default encryption

kmsKey: undefined | string = undefined

(OPTIONAL) KMS key to encrypt EBS volume.

Remarks

Note: When no value is provided Landing Zone Accelerator will create the KMS key.

Generated using TypeDoc