Following the announced new opt-in option regarding the default encryption of EBS Volumes a few days ago, I’ve made a small python script to enable this feature on all AWS regions within an AWS Account. Quick and Dirty Simple.
This is an example, use it at your own risk, and test it before applying to production, as usual :)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
import boto3
AWS_REGION = 'eu-west-1'
session = boto3.Session(region_name=AWS_REGION)
ec2 = session.client('ec2')
def main(event, context):
ec2_regions = [region['RegionName'] for region in ec2.describe_regions()['Regions']]
# For all AWS Regions
for region in ec2_regions:
conn = boto3.client('ec2', region_name=region)
print ("Checking AWS Region: " + region)
status = conn.get_ebs_encryption_by_default()
print ("===="*10)
result = status["EbsEncryptionByDefault"]
if result == True:
print ("Activated, nothing to do")
else:
print("Not activated, activation in progress")
conn.enable_ebs_encryption_by_default()
if __name__ == '__main__':
main(0,0)
|
That’s all folks!
zoph.