Config Rule For Encrypted Volumes Disabled

  • Query id: abdb29d4-5ca1-4e91-800b-b3569bbd788c
  • Query name: Config Rule For Encrypted Volumes Disabled
  • Platform: Terraform
  • Severity: High
  • Category: Encryption
  • CWE: 311
  • URL: Github

Description

Checks whether the AWS Config rules declared in the file never use ENCRYPTED_VOLUMES as their source identifier, i.e. whether no rule monitors volume encryption.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_config_config_rule" "positive1" {
  name = "some_rule"

  source {
    owner             = "AWS"
    source_identifier = "IAM_PASSWORD_POLICY"
  }
}

resource "aws_config_config_rule" "positive2" {
  name = "another_rule"

  source {
    owner             = "AWS"
    source_identifier = "IAM_PASSWORD_POLICY"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_config_config_rule" "negative1" {
  name = "encrypted_vols_rule"

  source {
    owner             = "AWS"
    source_identifier = "ENCRYPTED_VOLUMES"
  }
}

resource "aws_config_config_rule" "negative2" {
  name = "another_rule"

  source {
    owner             = "AWS"
    source_identifier = "IAM_PASSWORD_POLICY"
  }
}
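The check the description and samples above describe, written here as an added example (not the KICS query itself, which is written in Rego): it extracts every aws_config_config_rule resource from a Terraform file with a simple regex scan and reports whether any of them declares ENCRYPTED_VOLUMES. The two embedded files are constructed copies of the positive and negative samples; a file with no Config rules at all is also treated as missing the rule, which is an assumption of this example.

```python
import re

# Constructed sample mirroring the page's positive test: only IAM_PASSWORD_POLICY rules.
POSITIVE_TF = '''
resource "aws_config_config_rule" "positive1" {
  name = "some_rule"

  source {
    owner             = "AWS"
    source_identifier = "IAM_PASSWORD_POLICY"
  }
}
'''

# Constructed sample mirroring the page's negative test: one rule uses ENCRYPTED_VOLUMES.
NEGATIVE_TF = '''
resource "aws_config_config_rule" "negative1" {
  name = "encrypted_vols_rule"

  source {
    owner             = "AWS"
    source_identifier = "ENCRYPTED_VOLUMES"
  }
}
'''

# Matches a top-level aws_config_config_rule block; the body ends at the first "}" in column 0.
RESOURCE_RE = re.compile(
    r'resource\s+"aws_config_config_rule"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S
)
SOURCE_ID_RE = re.compile(r'source_identifier\s*=\s*"([^"]+)"')


def config_rule_sources(tf_text):
    """Map each aws_config_config_rule resource name to the source identifiers it declares."""
    return {name: SOURCE_ID_RE.findall(body) for name, body in RESOURCE_RE.findall(tf_text)}


def encrypted_volumes_rule_missing(tf_text):
    """True when no Config rule in the file uses ENCRYPTED_VOLUMES (the condition this query flags).

    Assumption: an empty file (no Config rules at all) is also reported as missing the rule.
    """
    sources = config_rule_sources(tf_text)
    return not any("ENCRYPTED_VOLUMES" in ids for ids in sources.values())


if __name__ == "__main__":
    for label, tf in (("positive", POSITIVE_TF), ("negative", NEGATIVE_TF)):
        print(label, "-> finding" if encrypted_volumes_rule_missing(tf) else "-> ok")
```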