EBS Volume Encryption Disabled
- Query id: 4b6012e7-7176-46e4-8108-e441785eae57
- Query name: EBS Volume Encryption Disabled
- Platform: Ansible
- Severity: Medium
- Category: Encryption
- URL: Github
Description
EBS volumes should be encrypted. In the samples below, a task is flagged when encrypted is set to a false value or is left out.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
- name: Creating EBS volume01
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: no
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume02
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: false
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume03
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: "false"
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume04
  amazon.aws.ec2_vol:
    instance: XXXXXX
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: Creating EBS volume05
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: yes
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume06
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: 'True'
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
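
The check that separates the positive samples from the negative ones, written out in Python as an added example (it is not the KICS query and not code from this page). Accepting the short module name ec2_vol and reporting unrecognised values such as Jinja2 expressions as findings are assumptions of this example; the task list is constructed from the six samples above.

```python
# Boolean spellings Ansible accepts (ansible.module_utils.parsing.convert_bool).
TRUE_VALUES = {"y", "yes", "on", "1", "true", "t"}
FALSE_VALUES = {"n", "no", "off", "0", "false", "f"}
# Assumption: the short module name is checked as well as the FQCN.
MODULES = ("amazon.aws.ec2_vol", "ec2_vol")


def classify(value):
    """Map a raw `encrypted` value to 'enabled', 'disabled' or 'unresolved'."""
    if isinstance(value, (bool, int, float)) and value in (0, 1):
        return "enabled" if value else "disabled"
    text = str(value).strip().lower()
    if text in TRUE_VALUES:
        return "enabled"
    if text in FALSE_VALUES:
        return "disabled"
    return "unresolved"  # e.g. a Jinja2 expression; needs a manual look


def find_unencrypted(tasks):
    """Return (task name, reason) for each ec2_vol task without encryption."""
    findings = []
    for task in tasks:
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            # A missing key is a finding too (sample volume04).
            state = classify(args["encrypted"]) if "encrypted" in args else "not defined"
            if state != "enabled":
                findings.append((task.get("name"), f"encrypted is {state}"))
    return findings


# Constructed input: the page's six tasks as a YAML 1.1 loader returns them
# (bare no/false/yes become booleans, quoted values stay strings).
def _vol(name, **extra):
    return {"name": f"Creating EBS {name}",
            "amazon.aws.ec2_vol": {"instance": "XXXXXX", "volume_size": 50, **extra}}

SAMPLE_TASKS = [
    _vol("volume01", encrypted=False), _vol("volume02", encrypted=False),
    _vol("volume03", encrypted="false"), _vol("volume04"),
    _vol("volume05", encrypted=True), _vol("volume06", encrypted="True"),
]

if __name__ == "__main__":
    for name, reason in find_unencrypted(SAMPLE_TASKS):
        print(f"{name}: {reason}")
```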