DOCDB Cluster Not Encrypted
- Query id: bc1f9009-84a0-490f-ae09-3e0ea6d74ad6
- Query name: DOCDB Cluster Not Encrypted
- Platform: Terraform
- Severity: High
- Category: Encryption
- URL: Github
Description¶
AWS DOCDB Cluster storage should be encrypted
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - tf file
resource "aws_docdb_cluster" "docdb" {
cluster_identifier = "my-docdb-cluster"
engine = "docdb"
master_username = "foo"
master_password = "mustbeeightchars"
backup_retention_period = 5
preferred_backup_window = "07:00-09:00"
skip_final_snapshot = true
}
resource "aws_docdb_cluster" "docdb_2" {
cluster_identifier = "my-docdb-cluster"
engine = "docdb"
master_username = "foo"
master_password = "mustbeeightchars"
backup_retention_period = 5
preferred_backup_window = "07:00-09:00"
skip_final_snapshot = true
storage_encrypted = false
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_docdb_cluster" "docdb" {
cluster_identifier = "my-docdb-cluster"
engine = "docdb"
master_username = "foo"
master_password = "mustbeeightchars"
backup_retention_period = 5
preferred_backup_window = "07:00-09:00"
skip_final_snapshot = true
storage_encrypted = true
}