Config Rule For Encrypted Volumes Disabled

• Query id: 7674a686-e4b1-4a95-83d4-1fd53c623d84
• Query name: Config Rule For Encrypted Volumes Disabled
• Platform: Ansible
• Severity: High
• Category: Encryption
• CWE: 311
• URL: Github

Description

Check if AWS config rules do not identify Encrypted Volumes as a source.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

---
- name: foo
  community.aws.aws_config_rule:
    name: test_config_rule
    state: present
    description: 'This AWS Config rule checks for public write access on S3 buckets'
    scope:
      compliance_types:
        - 'AWS::S3::Bucket'
    source:
      owner: AWS
      identifier: 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED'

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: foo
  community.aws.aws_config_rule:
    name: test_config_rule
    state: present
    description: This AWS Config rule checks for public write access on S3 buckets
    scope:
      compliance_types:
      - AWS::S3::Bucket
    source:
      owner: AWS
      identifier: ENCRYPTED_VOLUMES