EFS Without KMS
- Query id: bd77554e-f138-40c5-91b2-2a09f878608e
- Query name: EFS Without KMS
- Platform: Ansible
- Severity: High
- Category: Encryption
- URL: Github
Description
Amazon Elastic File System (EFS) file systems should have encryption enabled with a customer-managed KMS key (CMK) rather than an AWS-managed key.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
- name: foo
  community.aws.efs:
    state: present
    name: myTestEFS
    encrypt: no
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: ["sg-1a2b3c4d"]
```
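
For comparison, the same task with encryption at rest enabled under a customer-managed key. This is an added example, not a sample from the query's own test files, and `efs_kms_key_arn` is a hypothetical variable standing in for the ARN of a customer-managed KMS key.

```yaml
---
# Added example, not one of the query's own test files.
# efs_kms_key_arn is a hypothetical variable: set it to the ARN of a
# customer-managed KMS key in the same region as the file system.
- name: foo
  community.aws.efs:
    state: present
    name: myTestEFS
    # Encryption at rest can only be chosen when the file system is created;
    # an existing unencrypted file system has to be replaced and its data migrated.
    encrypt: yes
    # Without kms_key_id, EFS encrypts with the AWS-managed key (aws/elasticfilesystem).
    kms_key_id: "{{ efs_kms_key_arn }}"
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: ["sg-1a2b3c4d"]
```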