EBS Volume Snapshot Not Encrypted

• Query id: e6b4b943-6883-47a9-9739-7ada9568f8ca
• Query name: EBS Volume Snapshot Not Encrypted
• Platform: Terraform
• Severity: High
• Category: Encryption
• CWE: 311
• URL: Github

Description

The value on AWS EBS Volume Snapshot Encryptation must be true
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "aws_ebs_volume" "positive1" {
  availability_zone = "us-west-2a"
  size              = 40
  encrypted         = false

  tags = {
    Name = "HelloWorld"
  }
}

resource "aws_ebs_snapshot" "positive1" {
  volume_id = aws_ebs_volume.positive1.id
  tags {
    Name = "Production"
  }
}

Positive test num. 2 - tf file

resource "aws_ebs_volume" "positive2" {
  availability_zone = "us-west-2a"
  size              = 40

  tags = {
    Name = "HelloWorld"
  }
}

resource "aws_ebs_snapshot" "positive2" {
  volume_id = aws_ebs_volume.positive2.id
  tags {
    Name = "Production"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "aws_ebs_volume" "negative1" {
  availability_zone = "us-west-2a"
  size              = 40
  encrypted         = true

  tags = {
    Name = "HelloWorld"
  }
}

resource "aws_ebs_snapshot" "negative1" {
  volume_id = aws_ebs_volume.negative1.id
  tags {
    Name = "Production"
  }
}