Remediation
Enable Boot Volume In-Transit Encryption
In-transit encryption for boot and block volumes is available only for virtual machine (VM) instances launched from platform images and for bare metal instances that use one of the following shapes:
- BM.Standard.E3.128
- BM.Standard.E4.128
- BM.DenseIO.E4.128
In-transit encryption is not supported on other bare metal instance shapes. If the affected instance does not support changing this setting in place, recreate the instance using a supported configuration and enable in-transit encryption during instance creation.
From Oracle Cloud Console
If the Use in-transit encryption option is available for the affected instance, update the instance configuration:
- Navigate to https://cloud.oracle.com/compute/instances.
- Select the affected instance from the audit results.
- Click More actions or Actions.
- Click Edit.
- Select Show Advanced Options.
- Enable Use in-transit encryption.
- Click Save changes.
If the Use in-transit encryption option is not available for the affected instance, recreate the instance with boot volume in-transit encryption enabled:
- Navigate to https://cloud.oracle.com/compute/instances.
- Select the affected instance from the audit results.
- Click Terminate.
- Determine whether to permanently delete the instance's attached boot volume.
- Click Terminate instance.
- Click Create Instance.
- Fill in the instance details according to your requirements.
- In the Boot volume section, ensure Use in-transit encryption is selected.
- Fill in the remaining details according to your requirements.
- Click Create.
After remediation, confirm that the updated instance shows boot volume in-transit encryption as enabled in Cloudaware after the next data collection cycle.
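To check the setting directly before and after remediation, the following added example (not part of the original page or of Cloudaware) reads the JSON printed by `oci compute instance list` and applies the support rules above to choose between the two console procedures. The `platform_image_ids` set, the sample records and their OCIDs are constructed assumptions; a missing or null flag is treated as not enabled.

```python
import json

# Bare metal shapes the page lists as supporting in-transit encryption.
SUPPORTED_BM_SHAPES = {"BM.Standard.E3.128", "BM.Standard.E4.128", "BM.DenseIO.E4.128"}

def triage(instance, platform_image_ids):
    """Classify one instance record from the OCI CLI JSON output.

    'compliant' - in-transit encryption is already enabled
    'enable'    - supported configuration: try the Edit procedure first
    'recreate'  - unsupported configuration: recreate on a supported one
    """
    launch = instance.get("launch-options") or {}
    if launch.get("is-pv-encryption-in-transit-enabled") is True:
        return "compliant"
    shape = instance.get("shape", "")
    if shape.startswith("BM."):
        supported = shape in SUPPORTED_BM_SHAPES
    else:
        # VM instances qualify only when launched from a platform image.
        image_id = (instance.get("source-details") or {}).get("image-id")
        supported = image_id in platform_image_ids
    return "enable" if supported else "recreate"

def triage_listing(cli_json, platform_image_ids):
    """Map display name -> action for every instance in the CLI output."""
    records = json.loads(cli_json).get("data") or []
    return {r["display-name"]: triage(r, platform_image_ids) for r in records}

# Constructed sample data; the OCIDs are placeholders, not real identifiers.
PLATFORM_IMAGES = {"ocid1.image.oc1..example-platform"}
SAMPLE = json.dumps({"data": [
    {"display-name": "web-01", "shape": "VM.Standard.E4.Flex",
     "launch-options": {"is-pv-encryption-in-transit-enabled": True},
     "source-details": {"image-id": "ocid1.image.oc1..example-platform"}},
    {"display-name": "db-01", "shape": "BM.Standard.E4.128",
     "launch-options": {"is-pv-encryption-in-transit-enabled": False}},
    {"display-name": "legacy-bm", "shape": "BM.Standard2.52",
     "launch-options": {"is-pv-encryption-in-transit-enabled": False}},
    {"display-name": "app-02", "shape": "VM.Standard.E4.Flex",
     "source-details": {"image-id": "ocid1.image.oc1..example-platform"}},
    {"display-name": "custom-vm", "shape": "VM.Standard.E4.Flex",
     "launch-options": {"is-pv-encryption-in-transit-enabled": None},
     "source-details": {"image-id": "ocid1.image.oc1..example-custom"}},
]})

if __name__ == "__main__":
    for name, action in triage_listing(SAMPLE, PLATFORM_IMAGES).items():
        print(f"{name}: {action}")
```

An instance reported as `enable` may still lack the console option, in which case the recreate procedure applies.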