EBS Volume Snapshot Not Encrypted
- Query id: e6b4b943-6883-47a9-9739-7ada9568f8ca
- Query name: EBS Volume Snapshot Not Encrypted
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
The value of AWS EBS Volume Snapshot encryption must be true.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_ebs_volume" "positive1" {
  availability_zone = "us-west-2a"
  size              = 40
  encrypted         = false # explicitly unencrypted, so its snapshot is unencrypted too

  tags = {
    Name = "HelloWorld"
  }
}

resource "aws_ebs_snapshot" "positive1" {
  volume_id = aws_ebs_volume.positive1.id

  tags = {
    Name = "Production"
  }
}
Positive test num. 2 - tf file
resource "aws_ebs_volume" "positive2" {
  availability_zone = "us-west-2a"
  size              = 40
  # "encrypted" is omitted, so the volume is not explicitly encrypted

  tags = {
    Name = "HelloWorld"
  }
}

resource "aws_ebs_snapshot" "positive2" {
  volume_id = aws_ebs_volume.positive2.id

  tags = {
    Name = "Production"
  }
}
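The condition both samples show (a snapshot whose source volume is not explicitly encrypted) can also be checked against Terraform's JSON plan output. This is an added example, not the KICS query or code from this page; the function name `unencrypted_snapshots`, the trimmed plan JSON and the `ok` resources are constructed for illustration.

```python
import json

# Constructed sample, trimmed to the "configuration" section in the shape
# `terraform show -json <planfile>` emits: both samples above plus a made-up
# encrypted pair ("ok").
PLAN_JSON = """
{"configuration": {"root_module": {"resources": [
  {"address": "aws_ebs_volume.positive1", "type": "aws_ebs_volume",
   "expressions": {"encrypted": {"constant_value": false}}},
  {"address": "aws_ebs_snapshot.positive1", "type": "aws_ebs_snapshot",
   "expressions": {"volume_id": {"references":
     ["aws_ebs_volume.positive1.id", "aws_ebs_volume.positive1"]}}},
  {"address": "aws_ebs_volume.positive2", "type": "aws_ebs_volume",
   "expressions": {"size": {"constant_value": 40}}},
  {"address": "aws_ebs_snapshot.positive2", "type": "aws_ebs_snapshot",
   "expressions": {"volume_id": {"references":
     ["aws_ebs_volume.positive2.id", "aws_ebs_volume.positive2"]}}},
  {"address": "aws_ebs_volume.ok", "type": "aws_ebs_volume",
   "expressions": {"encrypted": {"constant_value": true}}},
  {"address": "aws_ebs_snapshot.ok", "type": "aws_ebs_snapshot",
   "expressions": {"volume_id": {"references":
     ["aws_ebs_volume.ok.id", "aws_ebs_volume.ok"]}}}
]}}}
"""


def unencrypted_snapshots(plan):
    """Return (snapshot address, reason) pairs; root module only."""
    resources = plan["configuration"]["root_module"].get("resources", [])
    volumes = {r["address"]: r for r in resources if r["type"] == "aws_ebs_volume"}
    findings = []
    for snap in resources:
        if snap["type"] != "aws_ebs_snapshot":
            continue
        refs = snap.get("expressions", {}).get("volume_id", {}).get("references", [])
        # Snapshots whose volume_id is a literal ID have no references and are skipped.
        for addr in (a for a in refs if a in volumes):
            enc = volumes[addr].get("expressions", {}).get("encrypted")
            if enc is None:
                findings.append((snap["address"], f"{addr} does not set 'encrypted'"))
            elif enc.get("constant_value") is not True:
                findings.append((snap["address"], f"{addr} has 'encrypted' not literally true"))
    return findings


if __name__ == "__main__":
    for address, reason in unencrypted_snapshots(json.loads(PLAN_JSON)):
        print(f"{address}: {reason}")
```

On a real plan, pass in the parsed output of `terraform show -json <planfile>`; resources declared in child modules sit under `module_calls` and would need the same walk.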