By enabling encryption on EBS volumes you protect the volume, the disk I/O and any derived snapshots from compromise if intercepted.
Unencrypted sensitive data is vulnerable to compromise.
Enable encryption of EBS volumes
The following example will fail the AVD-AWS-0026 check.
```yaml
---
Resources:
  BadExample:
    Type: AWS::EC2::Volume
    Properties:
      Size: 100
      AvailabilityZone: !GetAtt Ec2Instance.AvailabilityZone
    DeletionPolicy: Snapshot
```
The following example will pass the AVD-AWS-0026 check.
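```yaml
---
Resources:
  GoodExample:
    Type: AWS::EC2::Volume
    Properties:
      Size: 100
      # An Availability Zone is needed to create the volume; Ec2Instance is
      # assumed to be defined elsewhere in the template, as in the failing example.
      AvailabilityZone: !GetAtt Ec2Instance.AvailabilityZone
      Encrypted: true
      KmsKeyId: "alias/volumeEncrypt"
    DeletionPolicy: Snapshot
```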
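The sketch below is an added example, not the scanner's own implementation of AVD-AWS-0026. It applies the same rule to a CloudFormation template in JSON form and goes slightly beyond the two cases above by also handling string booleans and intrinsic functions. The function names, the `unresolved` verdict and every sample resource other than `BadExample` and `GoodExample` are assumptions made for illustration.

```python
import json

# Constructed sample template (JSON form of CloudFormation), for illustration only.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "BadExample":  {"Type": "AWS::EC2::Volume", "Properties": {"Size": 100}},
    "GoodExample": {"Type": "AWS::EC2::Volume",
                    "Properties": {"Size": 100, "Encrypted": true,
                                   "KmsKeyId": "alias/volumeEncrypt"}},
    "StringBool":  {"Type": "AWS::EC2::Volume",
                    "Properties": {"Size": 100, "Encrypted": "true"}},
    "ExplicitOff": {"Type": "AWS::EC2::Volume",
                    "Properties": {"Size": 100, "Encrypted": "false"}},
    "FromParam":   {"Type": "AWS::EC2::Volume",
                    "Properties": {"Size": 100, "Encrypted": {"Ref": "EncryptVolumes"}}},
    "Bucket":      {"Type": "AWS::S3::Bucket"}
  }
}
""")


def classify_encrypted(value):
    """Return 'pass', 'fail' or 'unresolved' for an Encrypted property value."""
    if isinstance(value, bool):
        return "pass" if value else "fail"
    if isinstance(value, str):
        # CloudFormation accepts the strings "true"/"false" for boolean properties.
        return "pass" if value.strip().lower() == "true" else "fail"
    if isinstance(value, dict):
        # Intrinsic function (Ref, Fn::If, ...): the value is only known at deploy time.
        return "unresolved"
    return "fail"  # property missing (None) or of an unexpected type


def audit_volumes(template):
    """Map each AWS::EC2::Volume logical ID to its encryption verdict."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Volume":
            continue  # other resource types are out of scope for this check
        props = resource.get("Properties") or {}
        results[logical_id] = classify_encrypted(props.get("Encrypted"))
    return results


if __name__ == "__main__":
    for name, verdict in sorted(audit_volumes(SAMPLE_TEMPLATE).items()):
        print(f"{verdict:10} {name}")
```

Treat `unresolved` results as findings to review by hand, since a parameter default of `false` would leave the volume unencrypted at deploy time.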