CodeBuild Not Encrypted

• Query id: a1423864-2fbc-4f46-bfe1-fbbf125c71c9
• Query name: CodeBuild Not Encrypted
• Platform: Ansible
• Severity: Medium
• Category: Encryption
• CWE: 311
• URL: Github

Description

CodeBuild Project should be encrypted
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: My project
  community.aws.aws_codebuild:
    description: My nice little project v2
    service_role: "arn:aws:iam::123123:role/service-role/code-build-service-role"
    source:
      type: CODEPIPELINE
      buildspec: ''
    artifacts:
      namespaceType: NONE
      packaging: NONE
      type: CODEPIPELINE
      name: my_project
    environment:
      computeType: BUILD_GENERAL1_SMALL
      privilegedMode: "true"
      image: "aws/codebuild/docker:17.09.0"
      type: LINUX_CONTAINER
    region: us-east-1
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: My project v2
  community.aws.aws_codebuild:
    description: My nice little project
    service_role: arn:aws:iam::123123:role/service-role/code-build-service-role
    source:
      type: CODEPIPELINE
      buildspec: ''
    artifacts:
      namespaceType: NONE
      packaging: NONE
      type: CODEPIPELINE
      name: my_project
    environment:
      computeType: BUILD_GENERAL1_SMALL
      privilegedMode: 'true'
      image: aws/codebuild/docker:17.09.0
      type: LINUX_CONTAINER
    encryption_key: arn:aws:kms:us-east-1:123123:alias/aws/s3
    region: us-east-1
    state: present