AMI Not Encrypted

  • Query id: 97707503-a22c-4cd7-b7c0-f088fa7cf830
  • Query name: AMI Not Encrypted
  • Platform: Ansible
  • Severity: Medium
  • Category: Encryption
  • CWE: 311
  • URL: Github

Description

AWS AMI Encryption is not enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Basic AMI Creation
  amazon.aws.ec2_ami:
    instance_id: i-xxxxxx
    device_mapping:
      device_name: /dev/sda
      encrypted: no
    wait: yes
    name: newtest
    tags:
      Name: newtest
      Service: TestService
- name: Basic AMI Creation2
  amazon.aws.ec2_ami:
    instance_id: i-xxxxxx
    device_mapping:
      device_name: /dev/sda
    wait: yes
    name: newtest
    tags:
      Name: newtest
      Service: TestService

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Basic AMI Creation
  amazon.aws.ec2_ami:
    instance_id: i-xxxxxx
    device_mapping:
      device_name: /dev/sda
      encrypted: yes
    wait: yes
    name: newtest
    tags:
      Name: newtest
      Service: TestService