Config Rule For Encrypted Volumes Disabled
- Query id: 7674a686-e4b1-4a95-83d4-1fd53c623d84
- Query name: Config Rule For Encrypted Volumes Disabled
- Platform: Ansible
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
Checks whether AWS Config rules do not identify Encrypted Volumes as a source.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
- name: foo
  community.aws.aws_config_rule:
    name: test_config_rule
    state: present
    description: 'This AWS Config rule checks for public write access on S3 buckets'
    scope:
      compliance_types:
        - 'AWS::S3::Bucket'
    source:
      owner: AWS
      identifier: 'S3_BUCKET_PUBLIC_WRITE_PROHIBITED'
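For contrast with the sample above, an added example (not taken from this page or from the query's own test files) of a task whose source is the AWS managed rule `ENCRYPTED_VOLUMES`. The task name, rule name and description are assumptions; the scope is `AWS::EC2::Volume`, the resource type that managed rule evaluates.

```yaml
---
# Added example: AWS Config rule that tracks EBS volume encryption.
- name: Ensure a Config rule evaluates EBS volume encryption   # assumed task name
  community.aws.aws_config_rule:
    name: encrypted_volumes_rule                              # assumed rule name
    state: present
    description: 'Checks whether attached EBS volumes are encrypted'
    scope:
      compliance_types:
        - 'AWS::EC2::Volume'       # resource type evaluated by the managed rule
    source:
      owner: AWS                   # AWS managed rule, not a custom Lambda rule
      identifier: 'ENCRYPTED_VOLUMES'
    # Optional: require a specific KMS key. The value is a placeholder, not a real key.
    # input_parameters: '{"kmsId": "<KMS_KEY_ID_OR_ARN>"}'
```

With `owner: AWS`, the `identifier` must be the managed rule name exactly; a rule with a different identifier, as in the S3 sample above, does not evaluate volume encryption at all.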