Elastic Block Store is a web service that provides block-level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used as a hard drive.
EBS encrypts your volume with a data key using the industry-standard AES-256 algorithm. When an EBS volume is unencrypted, the data stored on it might be exposed in a security attack.
You can configure your AWS account to enforce the encryption of the new EBS volumes and snapshot copies that you create. For example, Amazon EBS encrypts the EBS volumes created when you launch an instance and the snapshots that you copy from an unencrypted snapshot.
By default, new EBS volumes aren't encrypted.
Using AWS CLI:
Run the get-ebs-encryption-by-default command (OSX/Linux/UNIX) with a custom query filter to check whether EBS encryption by default is enabled for your AWS cloud account in the selected region:
aws ec2 get-ebs-encryption-by-default --region us-east-1 --query 'EbsEncryptionByDefault'
Using AWS CLI:
Run the enable-ebs-encryption-by-default command (OSX/Linux/UNIX) to enable encryption by default for all the Amazon EBS volumes that will be created in the selected AWS cloud region:
aws ec2 enable-ebs-encryption-by-default --region us-east-1
To disable default encryption, follow the implementation steps and uncheck the Enable checkbox under Always encrypt new EBS volumes.
Encryption by default is a Region-specific setting. If encryption is enabled for a Region, it can't be disabled for individual volumes or snapshots in that Region.
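Because the setting is per Region, a check against one Region says nothing about the others. The script below is an added example, not part of the original page: it runs the same two CLI commands across every Region enabled for the account. The function names and the script file name are hypothetical, and it assumes the AWS CLI is configured with credentials allowed to call ec2:DescribeRegions, ec2:GetEbsEncryptionByDefault and ec2:EnableEbsEncryptionByDefault.

```shell
#!/bin/sh
# Added example (not from the original page): audit, and optionally enable,
# EBS encryption by default in every Region enabled for the account.
# Function names are hypothetical; the aws subcommands are the two used above
# plus describe-regions.

# Regions enabled for the account, whitespace-separated.
list_regions() {
  aws ec2 describe-regions --query 'Regions[].RegionName' --output text
}

# Print true, false, or unknown (call failed, e.g. access denied) for Region $1.
region_status() (
  status=$(aws ec2 get-ebs-encryption-by-default --region "$1" \
    --query 'EbsEncryptionByDefault' --output text 2>/dev/null) || status=unknown
  # Text output renders the boolean as True/False; normalise the case.
  printf '%s\n' "$status" | tr '[:upper:]' '[:lower:]'
)

# Print "<region><TAB><status>" for every Region that is not confirmed "true".
# Fails closed: an unreadable Region is reported, not skipped. Returns 1 if any.
audit_regions() (
  rc=0
  for region in $(list_regions); do
    status=$(region_status "$region")
    if [ "$status" != "true" ]; then
      printf '%s\t%s\n' "$region" "$status"
      rc=1
    fi
  done
  return "$rc"
)

# Enable the setting in each flagged Region and report the outcome per Region.
enable_flagged() (
  audit_regions | while read -r region _status; do
    if aws ec2 enable-ebs-encryption-by-default --region "$region" >/dev/null 2>&1; then
      printf 'enabled\t%s\n' "$region"
    else
      printf 'failed\t%s\n' "$region"
    fi
  done
)

# Usage (hypothetical file name): sh ebs_default_encryption.sh audit | enable
case "${1:-}" in
  audit)  audit_regions ;;
  enable) enable_flagged ;;
esac
```

The audit mode exits non-zero when any Region is not confirmed as encrypted by default, so it can gate a scheduled compliance job.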