If an AWS AMI is backed by Elastic Block Storage (EBS), there is the ability to encrypt the AMI. Having an EBS-backed AMI that does not have encryption enabled could result in data loss.
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
AWS Amazon Machine Images (AMI) should be encrypted using encrypted EBS snapshots; AMI's created from encrypted EBS snapshots are encrypted by default. To ensure that Encrypt by default is configured on EBS snapshots, follow the steps below.
In AWS Console -
In Terraform -
References:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ami