EC2/EBS Encryption Gap / Certificate Failure Diagnostic Troubleshooter (Part 3)
Use the quick reference table below to identify your EC2/EBS encryption gap or certificate failure symptom, understand the root cause, and apply the recommended fix.
Quick Reference Table
| # | Scenario | Key Error Signal | Root Cause | The Fix |
|---|---|---|---|---|
| 1 | EBS encryption-by-default not turned on at account/region level | `get-ebs-encryption-by-default` API/CLI action | The account is not configured to automatically enforce the encryption of new EBS volumes and snapshot copies for the Region. | `aws ec2 enable-ebs-encryption-by-default` |
| 2 | Legacy TLS 1.0/1.1 and weak ciphers (RC4) enabled on web server | "✗ Old TLS versions are supported. The configuration supports TLS 1.0 (already deprecated) and TLS 1.1 (on a path to deprecation)." | The default Apache configuration allows deprecated TLS versions and insecure ciphers like RC4, lacking forward secrecy prioritization. | Add `SSLProtocol -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2` to `/etc/httpd/conf.d/ssl.conf`. |
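
Scenario 1 is a per-Region setting, so running the fix in one Region leaves the others as they were. The sweep below is an added example, not part of the original troubleshooter: it checks every Region enabled for the account and treats a failed lookup as unknown instead of assuming it is encrypted. It assumes the AWS CLI with credentials permitted to call `ec2:DescribeRegions` and `ec2:GetEbsEncryptionByDefault`; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: report the EBS encryption-by-default state of every Region.
# Assumes the AWS CLI is installed and configured; function names are hypothetical.

# Print "<region> <state>" for one Region; state is ENABLED, DISABLED or UNKNOWN.
ebs_default_state() {
  local region="$1" out
  # A failed call (access denied, Region unreachable) is reported as UNKNOWN,
  # never silently counted as encrypted.
  if ! out=$(aws ec2 get-ebs-encryption-by-default --region "$region" \
               --query 'EbsEncryptionByDefault' --output text 2>/dev/null); then
    echo "$region UNKNOWN"
    return
  fi
  case "$out" in
    True|true)   echo "$region ENABLED" ;;
    False|false) echo "$region DISABLED" ;;
    *)           echo "$region UNKNOWN" ;;
  esac
}

# Sweep all Regions enabled for the account, one output line per Region.
# Returns 0 if every Region is ENABLED, 1 if any is not, 2 if listing fails.
audit_ebs_default_encryption() {
  local regions region line gaps=0
  regions=$(aws ec2 describe-regions --query 'Regions[].RegionName' \
              --output text) || return 2
  for region in $regions; do
    line=$(ebs_default_state "$region")
    echo "$line"
    # The state is the last space-separated field of the line.
    [ "${line##* }" = "ENABLED" ] || gaps=$((gaps + 1))
  done
  echo "Regions without confirmed encryption by default: $gaps" >&2
  [ "$gaps" -eq 0 ]
}

# Run the sweep only when invoked with "--run", so sourcing has no side effects.
if [ "${1:-}" = "--run" ]; then
  audit_ebs_default_encryption
fi
```

For each Region reported as DISABLED, apply the fix from the table with `--region` set to that Region, then re-run the sweep.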