CodeBuild Not Encrypted

  • Query id: a1423864-2fbc-4f46-bfe1-fbbf125c71c9
  • Query name: CodeBuild Not Encrypted
  • Platform: Ansible
  • Severity: Medium
  • Category: Encryption
  • URL: Github

Description

A CodeBuild project should be encrypted: the community.aws.aws_codebuild task should set encryption_key to the AWS KMS key used to encrypt the build output artifacts. A project with no encryption_key (as in the positive sample below) is flagged.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: My project
  community.aws.aws_codebuild:
    description: My nice little project v2
    service_role: "arn:aws:iam::123123:role/service-role/code-build-service-role"
    source:
      type: CODEPIPELINE
      buildspec: ''
    artifacts:
      namespaceType: NONE
      packaging: NONE
      type: CODEPIPELINE
      name: my_project
    environment:
      computeType: BUILD_GENERAL1_SMALL
      privilegedMode: "true"
      image: "aws/codebuild/docker:17.09.0"
      type: LINUX_CONTAINER
    region: us-east-1
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: My project v2
  community.aws.aws_codebuild:
    description: My nice little project
    service_role: arn:aws:iam::123123:role/service-role/code-build-service-role
    source:
      type: CODEPIPELINE
      buildspec: ''
    artifacts:
      namespaceType: NONE
      packaging: NONE
      type: CODEPIPELINE
      name: my_project
    environment:
      computeType: BUILD_GENERAL1_SMALL
      privilegedMode: 'true'
      image: aws/codebuild/docker:17.09.0
      type: LINUX_CONTAINER
    encryption_key: arn:aws:kms:us-east-1:123123:alias/aws/s3
    region: us-east-1
    state: present
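As an added example (not part of the KICS query or of the Ansible module), a small line-based scanner that applies the rule above to a constructed playbook containing a task like each sample. It assumes the two-space task layout shown on this page and does not parse arbitrary YAML.

```python
"""Flag Ansible aws_codebuild tasks that do not set a non-empty encryption_key."""
import re
from typing import List

# Constructed playbook: the first task mirrors the positive sample (no
# encryption_key), the second mirrors the negative sample (key present).
PLAYBOOK = """\
- name: My project
  community.aws.aws_codebuild:
    description: My nice little project v2
    source:
      type: CODEPIPELINE
    region: us-east-1
    state: present

- name: My project v2
  community.aws.aws_codebuild:
    description: My nice little project
    encryption_key: arn:aws:kms:us-east-1:123123:alias/aws/s3
    region: us-east-1
    state: present
"""

TASK_START = re.compile(r"^- ")                                   # unindented list item
MODULE = re.compile(r"^  (community\.aws\.)?aws_codebuild:\s*$")  # short or FQCN module name
KEY = re.compile(r"^    encryption_key:\s*(\S.*)$")                # key with a non-empty value


def split_tasks(text: str) -> List[List[str]]:
    """Group non-blank lines into tasks; a task begins at an unindented '- ' line."""
    tasks: List[List[str]] = []
    for line in text.splitlines():
        if TASK_START.match(line):
            tasks.append([])
        if tasks and line.strip():
            tasks[-1].append(line)
    return tasks


def find_unencrypted(text: str) -> List[str]:
    """Return names of aws_codebuild tasks lacking a non-empty encryption_key."""
    findings = []
    for task in split_tasks(text):
        if not any(MODULE.match(line) for line in task):
            continue  # not a CodeBuild task, rule does not apply
        if not any(KEY.match(line) for line in task):
            first = task[0]
            name = first[len("- name:"):].strip() if first.startswith("- name:") else "<unnamed>"
            findings.append(name)
    return findings


if __name__ == "__main__":
    for name in find_unencrypted(PLAYBOOK):
        print(f"[Medium] CodeBuild Not Encrypted: task '{name}' sets no encryption_key")
```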