EFS Not Encrypted
- Query id: 727c4fd4-d604-4df6-a179-7713d3c85e20
- Query name: EFS Not Encrypted
- Platform: Ansible
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
Elastic File System (EFS) must be encrypted
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
---
- name: foo
  community.aws.efs:
    state: present
    name: myTestEFS
    encrypt: no
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: ["sg-1a2b3c4d"]
- name: foo2
  community.aws.efs:
    state: present
    name: myTestEFS
    encrypt: false
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: ["sg-1a2b3c4d"]
- name: foo3
  community.aws.efs:
    state: present
    name: myTestEFS
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: ["sg-1a2b3c4d"]
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
- name: foo
  community.aws.efs:
    state: present
    name: myTestEFS
    encrypt: yes
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: [sg-1a2b3c4d]
- name: foo2
  community.aws.efs:
    state: present
    name: myTestEFS
    encrypt: true
    tags:
      Name: myTestNameTag
      purpose: file-storage
    targets:
      - subnet_id: subnet-748c5d03
        security_groups: [sg-1a2b3c4d]
```
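
The failing samples above (`encrypt: no`, `encrypt: false`, and no `encrypt` key at all) reduce to one check on the parsed task. The following is an added example, not the query's own code: it assumes the playbook is already parsed into Python dicts, and the short module name `efs`, the recursion into `block`/`rescue`/`always`, the handling of templated values and the sample tasks are assumptions constructed for illustration.

```python
# Added example: flag Ansible EFS tasks that do not enable encryption at rest.
EFS_MODULES = {"community.aws.efs", "efs"}  # FQCN from the page; short name is an assumption
TRUE_STRINGS = {"y", "yes", "on", "1", "true", "t"}
FALSE_STRINGS = {"n", "no", "off", "0", "false", "f"}


def as_bool(value):
    """Interpret a value as an Ansible-style boolean; None if it cannot be decided."""
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)) and value in (0, 1):
        return bool(value)
    if isinstance(value, str):
        text = value.strip().lower()
        if text in TRUE_STRINGS | FALSE_STRINGS:
            return text in TRUE_STRINGS
    return None  # for example a Jinja2 expression such as "{{ efs_encrypt }}"


def find_unencrypted_efs(tasks, path="tasks"):
    """Return (location, task name, reason) for every EFS task without encryption."""
    findings = []
    for i, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        where = f"{path}[{i}]"
        for section in ("block", "rescue", "always"):  # nested task lists
            if isinstance(task.get(section), list):
                findings += find_unencrypted_efs(task[section], f"{where}.{section}")
        for module in sorted(EFS_MODULES & task.keys()):
            args = task[module] if isinstance(task[module], dict) else {}
            if "encrypt" not in args:
                reason = "encrypt not set"
            else:
                flag = as_bool(args["encrypt"])
                if flag:
                    continue
                reason = "encrypt is false" if flag is False else "encrypt not statically resolvable"
            findings.append((where, task.get("name"), reason))
    return findings


# Constructed sample tasks modelled on the page's test cases, plus a nested block.
SAMPLE_TASKS = [
    {"name": "foo", "community.aws.efs": {"name": "myTestEFS", "encrypt": False}},
    {"name": "foo3", "community.aws.efs": {"name": "myTestEFS"}},
    {"name": "wrapper", "block": [
        {"name": "ok", "community.aws.efs": {"name": "myTestEFS", "encrypt": "yes"}},
        {"name": "templated", "efs": {"name": "myTestEFS", "encrypt": "{{ efs_encrypt }}"}}]},
]
```

A templated `encrypt` value is reported rather than passed, since the check cannot tell what it will resolve to at run time.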