EKS Cluster Encryption Disabled
- Query id: 63ebcb19-2739-4d3f-aa5c-e8bbb9b85281
- Query name: EKS Cluster Encryption Disabled
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: 311
- URL: GitHub
Description
EKS clusters should have encryption enabled through an `encryption_config` block on the `aws_eks_cluster` resource.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```hcl
variable "cluster_name" {
  default = "example"
  type    = string
}

# Flagged: the cluster declares no encryption_config block.
resource "aws_eks_cluster" "positive1" {
  depends_on = [aws_cloudwatch_log_group.example]
  name       = var.cluster_name
}
```
Positive test num. 2 - tf file
```hcl
variable "cluster_name" {
  default = "example"
  type    = string
}

# Flagged: encryption_config is present, but "s" is not the "secrets" resource type.
resource "aws_eks_cluster" "positive2" {
  depends_on = [aws_cloudwatch_log_group.example]
  name       = var.cluster_name

  encryption_config {
    resources = ["s"]
    provider {
      key_arn = "test"
    }
  }
}
```
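For contrast with the two flagged samples, a cluster that sets `encryption_config` with `resources = ["secrets"]` and a customer-managed KMS key. This is an added example, not one of the query's own test files; the `cluster_role_arn` and `subnet_ids` variables and the `eks_secrets` key name are assumptions.

```hcl
variable "cluster_name" {
  default = "example"
  type    = string
}

# Assumed inputs: an existing IAM role for the control plane and the cluster subnets.
variable "cluster_role_arn" {
  type = string
}

variable "subnet_ids" {
  type = list(string)
}

# Customer-managed key used for envelope encryption of Kubernetes secrets.
resource "aws_kms_key" "eks_secrets" {
  description         = "EKS secrets envelope encryption"
  enable_key_rotation = true
}

resource "aws_eks_cluster" "encrypted" {
  name     = var.cluster_name
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids = var.subnet_ids
  }

  # "secrets" is the resource type the AWS provider accepts here.
  encryption_config {
    resources = ["secrets"]
    provider {
      key_arn = aws_kms_key.eks_secrets.arn
    }
  }
}
```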