EBS Volume Not Attached To Instances
- Query id: 1819ac03-542b-4026-976b-f37addd59f3b
- Query name: EBS Volume Not Attached To Instances
- Platform: CloudFormation
- Severity: Low
- Category: Availability
- CWE: 200
- URL: Github
Description
EBS volumes that are not attached to any instance may contain sensitive data.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: 2010-09-09
Resources:
  NewVolume:
    Type: AWS::EC2::Volume
    Properties:
      Size: 100
      AvailabilityZone: us-west-1
Positive test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
  "Resources": {
    "NewVolume": {
      "Type": "AWS::EC2::Volume",
      "Properties": {
        "AvailabilityZone": "us-west-1",
        "Size": 100
      }
    }
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: 2010-09-09
Resources:
  NewVolume:
    Type: AWS::EC2::Volume
    Properties:
      Size: 100
      AvailabilityZone: us-west-1
  MountPoint:
    Type: AWS::EC2::VolumeAttachment
    Properties:
      InstanceId: !Ref Ec2Instance
      VolumeId: !Ref NewVolume
      Device: /dev/sdh
Negative test num. 2 - json file
{
  "AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
  "Resources": {
    "NewVolume": {
      "Type": "AWS::EC2::Volume",
      "Properties": {
        "Size": 100,
        "AvailabilityZone": "us-west-1"
      }
    },
    "MountPoint": {
      "Type": "AWS::EC2::VolumeAttachment",
      "Properties": {
        "VolumeId": "NewVolume",
        "Device": "/dev/sdh",
        "InstanceId": "Ec2Instance"
      }
    }
  }
}
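The check these samples exercise, as an added Python example (not the KICS query itself and not code from this page): it flags every AWS::EC2::Volume in a JSON template that no AWS::EC2::VolumeAttachment points at. It goes beyond the samples in two ways, both assumptions of this example: it accepts VolumeId as either a bare logical ID or a {"Ref": ...} object, and it also counts volumes listed under an AWS::EC2::Instance's Volumes property. The function names and both templates are constructed for illustration.

```python
import json

# Constructed templates mirroring the page's positive and negative JSON samples.
UNATTACHED = """{"Resources": {"NewVolume": {"Type": "AWS::EC2::Volume",
  "Properties": {"AvailabilityZone": "us-west-1", "Size": 100}}}}"""
ATTACHED = """{"Resources": {
  "NewVolume": {"Type": "AWS::EC2::Volume",
    "Properties": {"AvailabilityZone": "us-west-1", "Size": 100}},
  "MountPoint": {"Type": "AWS::EC2::VolumeAttachment",
    "Properties": {"VolumeId": {"Ref": "NewVolume"}, "Device": "/dev/sdh",
                   "InstanceId": {"Ref": "Ec2Instance"}}}}}"""


def _target(value):
    """Return the logical ID a VolumeId value points at, or None."""
    if isinstance(value, str):  # bare logical ID, as in the page's JSON sample
        return value
    if isinstance(value, dict) and isinstance(value.get("Ref"), str):
        return value["Ref"]     # {"Ref": "NewVolume"}
    return None


def unattached_volumes(template_text):
    """Return sorted logical IDs of AWS::EC2::Volume resources nothing attaches."""
    resources = json.loads(template_text).get("Resources") or {}
    attached = set()
    for res in resources.values():
        props = res.get("Properties") if isinstance(res, dict) else None
        if not isinstance(props, dict):
            continue
        if res.get("Type") == "AWS::EC2::VolumeAttachment":
            attached.add(_target(props.get("VolumeId")))
        elif res.get("Type") == "AWS::EC2::Instance":
            # Assumption of this example: inline Volumes entries count as attached.
            for vol in props.get("Volumes") or []:
                if isinstance(vol, dict):
                    attached.add(_target(vol.get("VolumeId")))
    return sorted(
        name for name, res in resources.items()
        if isinstance(res, dict) and res.get("Type") == "AWS::EC2::Volume"
        and name not in attached
    )


if __name__ == "__main__":
    for label, text in (("unattached", UNATTACHED), ("attached", ATTACHED)):
        print(label, unattached_volumes(text))
```

An attachment whose VolumeId names a different resource does not clear the finding, so a template with two volumes and one attachment still reports the orphan.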