Overview
This report evaluates the encryption-at-rest configuration across your AWS environment. Ensuring that all services and data stores are properly encrypted using AWS Key Management Service (KMS) or other encryption tools is critical to maintaining data confidentiality and meeting compliance standards.
This assessment helps you:
- Identify services or resources that are not encrypted at rest
- Improve compliance with internal policies and external regulations (e.g., SOC 2, HIPAA, GDPR)
- Reduce the risk of data breaches or unauthorized access
- Ensure consistent use of customer-managed or AWS-managed KMS keys
The report includes resource-level findings to enable quick remediation and an improved security posture.
Services and Evaluation Criteria
Amazon EC2
- EC2 Instances Encrypted Volumes
- EBS Volume Encryption
- EBS Snapshot Encryption
- EC2 AMI Encryption
Amazon S3
- Bucket Encryption
- Default KMS Encryption
Amazon RDS
- Storage Encryption
- Snapshot Encryption
AWS Backup
- Recovery Points Encryption
Amazon OpenSearch (Elasticsearch)
Amazon CloudWatch Logs
Amazon CloudFront
Amazon ECR
Amazon SQS
Amazon SNS
Amazon EKS
Amazon Redshift
AWS SageMaker
- Instance Storage Encryption
- Job Volume Encryption
- Endpoint Encryption
AWS Glue
- Dev Endpoint S3, CloudWatch, Bookmark Encryption
- Job S3, CloudWatch, Bookmark Encryption
- Catalog Metadata and ML Transform Encryption
Amazon API Gateway
Amazon DynamoDB
- Custom KMS Key Encryption
- DAX Encryption
Amazon EFS
Amazon DocumentDB
Amazon FSx
Amazon Neptune
- Storage Encryption
- Cluster Snapshot Encryption
Amazon MSK
- Custom KMS Key Encryption
Amazon ElastiCache (Redis)
Amazon Kinesis
AWS CodeBuild
- S3 Logs Encryption
- Project Artifact Encryption
- Report Group Encryption
AWS AppSync
AWS Athena
Amazon WorkSpaces
- User Volume Encryption
- Root Volume Encryption
You will receive a full report detailing encryption status for all relevant resources and services, helping you identify misconfigurations and prioritize remediation steps.