EBS Volume Encryption Disabled

  • Query id: 4b6012e7-7176-46e4-8108-e441785eae57
  • Query name: EBS Volume Encryption Disabled
  • Platform: Ansible
  • Severity: High
  • Category: Encryption
  • CWE: 311
  • URL: Github

Description

EBS volumes created with the amazon.aws.ec2_vol module should be encrypted at rest, i.e. the task should set encrypted to a true value. The module's encrypted parameter defaults to false, so a task that omits it entirely (volume04 below) is reported just like one that sets it to no, false or "false". Ansible coerces quoted strings to booleans, so "false" and 'True' are treated the same as the bare values. An AWS account with "encryption by default" enabled for EBS will encrypt the volume regardless of this parameter, but that is account state the playbook cannot rely on, so the query still flags it.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Creating EBS volume01
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: no
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume02
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: false
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume03
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: "false"
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume04
  amazon.aws.ec2_vol:
    instance: XXXXXX
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
---
- name: Creating EBS volume05
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: yes
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume06
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: 'True'
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
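The following is an added example, not part of the KICS query or the Ansible project: a small Python check that reproduces the query's logic over a playbook in the flat task layout used by the samples above. It applies Ansible's own boolean coercion rules (yes/no, true/false, on/off, 1/0, case-insensitive, quoted or not), treats a missing encrypted parameter as the module default of false, and reports a task whose value is a Jinja template as undecidable rather than guessing. The parser handles only the two-level "- name / module / parameters" shape seen on this page and is not a general YAML parser; the playbook text is constructed for the example.

```python
"""Report amazon.aws.ec2_vol tasks whose volumes would be created unencrypted."""
import re

# Ansible's boolean coercion: these string forms are accepted case-insensitively.
TRUE_WORDS = {"y", "yes", "on", "1", "true", "t"}
FALSE_WORDS = {"n", "no", "off", "0", "false", "f"}


def ansible_bool(value):
    """Coerce a module parameter the way Ansible does; raise ValueError otherwise."""
    if isinstance(value, bool):
        return value
    text = str(value).strip().strip("'\"").lower()   # '"false"' and "'True'" are strings
    if text in TRUE_WORDS:
        return True
    if text in FALSE_WORDS:
        return False
    raise ValueError(f"not a valid Ansible boolean: {value!r}")


def parse_tasks(text):
    """Minimal parser for the flat task list used in the samples (assumption: one
    module per task, parameters indented four spaces). Not a general YAML parser."""
    tasks, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line == "---" or line.lstrip().startswith("#"):
            continue
        if m := re.match(r"^- name:\s*(.*)$", line):          # new task
            current = {"name": m.group(1), "line": lineno, "module": None, "args": {}}
            tasks.append(current)
        elif current and (m := re.match(r"^  (\S+):\s*$", line)):   # module name
            current["module"] = m.group(1)
        elif current and (m := re.match(r"^    (\S+):\s*(.*)$", line)):  # parameter
            current["args"][m.group(1)] = m.group(2)
        else:
            raise ValueError(f"line {lineno}: unsupported syntax {line!r}")
    return tasks


def find_unencrypted_volumes(text):
    """Return (task name, line, reason) for every ec2_vol task the query would flag."""
    findings = []
    for task in parse_tasks(text):
        if task["module"] not in ("amazon.aws.ec2_vol", "ec2_vol"):
            continue
        value = task["args"].get("encrypted")
        if value is None:
            findings.append((task["name"], task["line"], "encrypted not set (module default is false)"))
        elif "{{" in value:
            findings.append((task["name"], task["line"], f"encrypted is a template, cannot verify: {value}"))
        else:
            try:
                if not ansible_bool(value):
                    findings.append((task["name"], task["line"], f"encrypted: {value}"))
            except ValueError as exc:
                findings.append((task["name"], task["line"], str(exc)))
    return findings


# Constructed playbook mirroring the page's positive and negative samples.
SAMPLE_PLAYBOOK = """\
---
- name: Creating EBS volume01
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: no
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdf
- name: Creating EBS volume03
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: "false"
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdg
- name: Creating EBS volume04
  amazon.aws.ec2_vol:
    instance: XXXXXX
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdh
- name: Creating EBS volume06
  amazon.aws.ec2_vol:
    instance: XXXXXX
    encrypted: 'True'
    volume_size: 50
    volume_type: gp2
    device_name: /dev/xvdi
- name: Pause before attaching
  ansible.builtin.pause:
    seconds: 5
"""

if __name__ == "__main__":
    for name, line, reason in find_unencrypted_volumes(SAMPLE_PLAYBOOK):
        print(f"line {line}: {name}: {reason}")
```

Running the script reports volume01, volume03 and volume04 and stays silent on volume06 and the non-ec2_vol task. Fixing a finding means setting encrypted: true (and, where a customer-managed key is required, kms_key_id) on the task rather than relying on the account's default-encryption setting.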