Launch Configuration Is Not Encrypted
- Query id: 66477506-6abb-49ed-803d-3fa174cd5f6a
- Query name: Launch Configuration Is Not Encrypted
- Platform: Ansible
- Severity: High
- Category: Encryption
- URL: Github
Description¶
Launch Configurations should have the data in the volumes encrypted. To encrypt the data, the 'encrypted' parameter should be set to true in each volume
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - yaml file
- name: note that encrypted volumes are only supported in >= Ansible 2.4
community.aws.ec2_lc:
name: special
image_id: ami-XXX
key_name: default
security_groups: ['group', 'group2' ]
instance_type: t1.micro
volumes:
- device_name: /dev/sda1
volume_size: 100
volume_type: io1
iops: 3000
delete_on_termination: true
encrypted: no
- name: note that encrypted volumes are only supported in >= Ansible 2.4 v2
ec2_lc:
name: special
image_id: ami-XXX
key_name: default
security_groups: ['group', 'group2' ]
instance_type: t1.micro
volumes:
- device_name: /dev/sda1
volume_size: 100
volume_type: io1
iops: 3000
delete_on_termination: true
- name: note that encrypted volumes are only supported in >= Ansible 2.4 v3
ec2_lc:
name: special
image_id: ami-XXX
key_name: default
security_groups: ['group', 'group2' ]
instance_type: t1.micro
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: note that encrypted volumes are only supported in >= Ansible 2.4 v4
ec2_lc:
name: special
image_id: ami-XXX
key_name: default
security_groups: [group, group2]
instance_type: t1.micro
volumes:
- device_name: /dev/sda1
volume_size: 100
volume_type: io1
iops: 3000
delete_on_termination: true
encrypted: yes
- name: note that encrypted volumes are only supported in >= Ansible 2.4 v5
community.aws.ec2_lc:
name: special
image_id: ami-XXX
key_name: default
security_groups: [group, group2]
instance_type: t1.micro
volumes:
- device_name: /dev/sda1
volume_size: 100
volume_type: io1
iops: 3000
delete_on_termination: true
encrypted: yes