AMI Not Encrypted
- Query id: 8bbb242f-6e38-4127-86d4-d8f0b2687ae2
- Query name: AMI Not Encrypted
- Platform: Terraform
- Severity: High
- Category: Encryption
- URL: Github
Description
AWS AMI Encryption is not enabled
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_ami" "positive1" {
  name                = "terraform-example"
  virtualization_type = "hvm"
  root_device_name    = "/dev/xvda"
  ebs_block_device {
    device_name = "/dev/xvda"
    snapshot_id = "snap-xxxxxxxx"
    volume_size = 8
  }
}

resource "aws_ami" "positive2" {
  name                = "terraform-example"
  virtualization_type = "hvm"
  root_device_name    = "/dev/xvda1"
  ebs_block_device {
    device_name = "/dev/xvda1"
    snapshot_id = "snap-xxxxxxxx"
    volume_size = 8
    encrypted   = false
  }
}

resource "aws_ami" "positive3" {
  name                = "terraform-example"
  virtualization_type = "hvm"
  root_device_name    = "/dev/xvda1"
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# This is correct code for which the query should not find any result
resource "aws_ami" "negative1" {
  name                = "terraform-example"
  virtualization_type = "hvm"
  root_device_name    = "/dev/xvda2"
  ebs_block_device {
    device_name = "/dev/xvda2"
    snapshot_id = "snap-xxxxxxxx"
    volume_size = 8
    encrypted   = true
  }
}
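
The verdicts on the samples above can be reproduced with a small checker. This is an added example, not the query's own implementation: the rule it applies is inferred from the positive and negative tests on this page, the input is a trimmed copy of those tests, and `block_body` and `unencrypted_amis` are hypothetical names. It uses a simple brace scanner rather than a full HCL parser.

```python
import re

# Constructed input: the page's four test resources, trimmed to the relevant attributes.
SAMPLE_TF = '''
resource "aws_ami" "positive1" {
  ebs_block_device {
    device_name = "/dev/xvda"
    snapshot_id = "snap-xxxxxxxx"
  }
}
resource "aws_ami" "positive2" {
  ebs_block_device {
    device_name = "/dev/xvda1"
    encrypted   = false
  }
}
resource "aws_ami" "positive3" {
  root_device_name = "/dev/xvda1"
}
resource "aws_ami" "negative1" {
  ebs_block_device {
    device_name = "/dev/xvda2"
    encrypted   = true
  }
}
'''

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def unencrypted_amis(tf):
    """Assumed rule: flag an aws_ami with no ebs_block_device, or with one lacking encrypted = true."""
    findings = []
    for m in re.finditer(r'resource\s+"aws_ami"\s+"([^"]+)"\s*\{', tf):
        body = block_body(tf, m.end() - 1)
        devices = [block_body(body, d.end() - 1)
                   for d in re.finditer(r'\bebs_block_device\s*\{', body)]
        if not devices or not all(
                re.search(r'^\s*encrypted\s*=\s*true\s*$', d, re.M) for d in devices):
            findings.append(m.group(1))
    return findings

if __name__ == "__main__":
    print(unencrypted_amis(SAMPLE_TF))
```

An AMI with several `ebs_block_device` blocks is flagged if any one of them is not set to `encrypted = true`.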