AMI Not Encrypted

• Query id: 97707503-a22c-4cd7-b7c0-f088fa7cf830
• Query name: AMI Not Encrypted
• Platform: Ansible
• Severity: Medium
• Category: Encryption
• CWE: 311
• URL: Github

Description

AWS AMI Encryption is not enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: Basic AMI Creation
  amazon.aws.ec2_ami:
    instance_id: i-xxxxxx
    device_mapping:
      device_name: /dev/sda
      encrypted: no
    wait: yes
    name: newtest
    tags:
      Name: newtest
      Service: TestService
- name: Basic AMI Creation2
  amazon.aws.ec2_ami:
    instance_id: i-xxxxxx
    device_mapping:
      device_name: /dev/sda
    wait: yes
    name: newtest
    tags:
      Name: newtest
      Service: TestService

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: Basic AMI Creation
  amazon.aws.ec2_ami:
    instance_id: i-xxxxxx
    device_mapping:
      device_name: /dev/sda
      encrypted: yes
    wait: yes
    name: newtest
    tags:
      Name: newtest
      Service: TestService