Config Rule For Encrypted Volumes Disabled

  • Query id: 7674a686-e4b1-4a95-83d4-1fd53c623d84
  • Query name: Config Rule For Encrypted Volumes Disabled
  • Platform: Ansible
  • Severity: Medium
  • Category: Encryption
  • URL: Github

Description

Check if AWS config rules do not identify Encrypted Volumes as a source.
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file
---
- name: foo
  community.aws.aws_config_rule:
    name: test_config_rule
    state: present
    description: 'This AWS Config rule checks for public write access on S3 buckets'
    scope:
      compliance_types:
        - 'AWS::S3::Bucket'
    source:
      owner: AWS
      identifier: 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED'

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: foo
  community.aws.aws_config_rule:
    name: test_config_rule
    state: present
    description: This AWS Config rule checks for public write access on S3 buckets
    scope:
      compliance_types:
      - AWS::S3::Bucket
    source:
      owner: AWS
      identifier: ENCRYPTED_VOLUMES