Disk Encryption Disabled
- Query id: 39750e32-3fe9-453b-8c33-dd277acdb2cc
- Query name: Disk Encryption Disabled
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- CWE: 311
- URL: Github
Description¶
Disks should have encryption enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_disk" "disk_encryption1" {
# cn-beijing
availability_zone = "cn-beijing-b"
name = "New-disk"
description = "Hello ecs disk."
category = "cloud_efficiency"
size = "30"
tags = {
Name = "TerraformTest"
}
}
Positive test num. 2 - tf file
resource "alicloud_disk" "disk_encryption2" {
# cn-beijing
availability_zone = "cn-beijing-b"
name = "New-disk"
description = "Hello ecs disk."
category = "cloud_efficiency"
size = "30"
encrypted = false
kms_key_id = "2a6767f0-a16c-4679-a60f-13bf*****"
tags = {
Name = "TerraformTest"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "alicloud_disk" "disk_encryption3" {
# cn-beijing
availability_zone = "cn-beijing-b"
name = "New-disk"
description = "Hello ecs disk."
category = "cloud_efficiency"
size = "30"
encrypted = true
kms_key_id = "2a6767f0-a16c-4679-a60f-13bf*****"
tags = {
Name = "TerraformTest"
}
}