Description:
Elastic Compute Cloud (EC2) supports encryption at rest when using the Elastic Block Store (EBS) service. While disabled by default, forcing encryption at EBS volume creation is supported.
Rationale:
Encrypting data at rest reduces the likelihood that it is unintentionally exposed and can nullify the impact of disclosure if the encryption remains unbroken.
From Console:
Note: EBS volume encryption is configured per region.
From Command Line:
aws --region ec2 enable-ebs-encryption-by-default
Note: EBS volume encryption is configured per region.