Config Rule For Encrypted Volumes Disabled
- Query id: 1b6322d9-c755-4f8c-b804-32c19250f2d9
- Query name: Config Rule For Encrypted Volumes Disabled
- Platform: CloudFormation
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
Checks whether the AWS Config rules in a CloudFormation template fail to use the AWS managed ENCRYPTED_VOLUMES rule as a source, which means unencrypted EBS volumes would go unreported by AWS Config.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
Resources:
  ConfigRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: access-keys-rotated
      InputParameters:
        maxAccessKeyAge: 100
      Source:
        Owner: AWS
        SourceIdentifier: ACCESS_KEYS_ROTATED
      MaximumExecutionFrequency: TwentyFour_Hours
```
Positive test num. 2 - json file
```json
{
  "Resources": {
    "ConfigRule": {
      "Type": "AWS::Config::ConfigRule",
      "Properties": {
        "ConfigRuleName": "access-keys-rotated",
        "InputParameters": {
          "maxAccessKeyAge": 100
        },
        "Source": {
          "Owner": "AWS",
          "SourceIdentifier": "ACCESS_KEYS_ROTATED"
        },
        "MaximumExecutionFrequency": "TwentyFour_Hours"
      }
    }
  }
}
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
Resources:
  ConfigRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: access-keys-rotated
      InputParameters:
        maxAccessKeyAge: 90
      Source:
        Owner: AWS
        SourceIdentifier: ENCRYPTED_VOLUMES
      MaximumExecutionFrequency: TwentyFour_Hours
```
Negative test num. 2 - json file
```json
{
  "Resources": {
    "ConfigRule": {
      "Type": "AWS::Config::ConfigRule",
      "Properties": {
        "MaximumExecutionFrequency": "TwentyFour_Hours",
        "ConfigRuleName": "access-keys-rotated",
        "InputParameters": {
          "maxAccessKeyAge": 90
        },
        "Source": {
          "SourceIdentifier": "ENCRYPTED_VOLUMES",
          "Owner": "AWS"
        }
      }
    }
  }
}
```