Following the announcement a few days ago of the new opt-in option for default encryption of EBS volumes, I’ve made a small Python script to enable this feature in all AWS regions within an AWS account. Quick and Dirty Simple.


This is an example: use it at your own risk, and test it before applying it to production, as usual :)

import boto3

# Region used only for the initial call that lists the account's regions
AWS_REGION = 'eu-west-1'
session = boto3.Session(region_name=AWS_REGION)
ec2 = session.client('ec2')


def main(event, context):
    # By default describe_regions() returns only the regions enabled for the account
    ec2_regions = [region['RegionName'] for region in ec2.describe_regions()['Regions']]
    # For all AWS Regions
    for region in ec2_regions:
        conn = boto3.client('ec2', region_name=region)
        print("Checking AWS Region: " + region)
        status = conn.get_ebs_encryption_by_default()
        print("====" * 10)
        result = status["EbsEncryptionByDefault"]
        if result:
            print("Activated, nothing to do")
        else:
            print("Not activated, activation in progress")
            conn.enable_ebs_encryption_by_default()


if __name__ == '__main__':
    # event and context are unused; they only mirror a Lambda handler signature
    main(None, None)
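
An audit-first variant of the script above, added here as an example (not the author's code): it supports a dry run, records a per-region error instead of aborting the loop, checks the value returned by the enable call, and reports the region's default KMS key. `ensure_ebs_default_encryption`, `FakeEC2` and `demo` are hypothetical names, and the fake client with its three regions is constructed so the block runs offline.

```python
def ensure_ebs_default_encryption(regions, client_factory, dry_run=True):
    """Audit (dry_run=True) or enable EBS default encryption per region.
    With boto3: client_factory = lambda r: boto3.client("ec2", region_name=r)"""
    report = {}
    for region in regions:
        try:
            conn = client_factory(region)
            if conn.get_ebs_encryption_by_default()["EbsEncryptionByDefault"]:
                state = "already-enabled"
            elif dry_run:
                state = "would-enable"
            else:
                # Trust the value the API returns, not the call merely completing
                resp = conn.enable_ebs_encryption_by_default()
                state = "enabled-now" if resp["EbsEncryptionByDefault"] else "error: still disabled"
            key = conn.get_ebs_default_kms_key_id()["KmsKeyId"]
        except Exception as exc:  # e.g. an access-denied error; keep going
            report[region] = {"state": f"error: {exc}", "kms_key": None}
            continue
        report[region] = {"state": state, "kms_key": key}
    return report

class FakeEC2:
    """Constructed stand-in for an EC2 client so the example runs offline."""
    def __init__(self, enabled, deny=False):
        self.enabled, self.deny = enabled, deny
    def get_ebs_encryption_by_default(self):
        if self.deny:
            raise PermissionError("AccessDenied (constructed)")
        return {"EbsEncryptionByDefault": self.enabled}
    def enable_ebs_encryption_by_default(self):
        self.enabled = True
        return {"EbsEncryptionByDefault": True}
    def get_ebs_default_kms_key_id(self):
        return {"KmsKeyId": "alias/aws/ebs"}

def demo(dry_run):
    # Constructed account: one compliant, one non-compliant, one denied region
    clients = {"eu-west-1": FakeEC2(True), "us-east-1": FakeEC2(False),
               "ap-south-1": FakeEC2(False, deny=True)}
    return ensure_ebs_default_encryption(list(clients), clients.__getitem__, dry_run)

if __name__ == "__main__":
    for region, row in demo(dry_run=True).items():
        print(region, row)
```

The setting applies to volumes created after it is enabled in a region; volumes that already exist are not changed by it.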

That’s all folks!

zoph.