CodeBuild Not Encrypted
- Query id: d7467bb6-3ed1-4c82-8095-5e7a818d0aad
- Query name: CodeBuild Not Encrypted
- Platform: CloudFormation
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
CodeBuild Project should be encrypted, which means 'EncryptionKey' should be defined
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: 2010-09-09
Description: A sample template
Resources:
CodeBuildProject:
Project:
Type: AWS::CodeBuild::Project
Properties:
Name: myProjectName
Description: A description about my project
ServiceRole: !GetAtt ServiceRole.Arn
Artifacts:
Type: no_artifacts
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/java:openjdk-8
EnvironmentVariables:
- Name: varName
Type: varType
Value: varValue
Source:
Location: codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c
Type: S3
TimeoutInMinutes: 10
Tags:
- Key: Key1
Value: Value1
- Key: Key2
Value: Value2
Positive test num. 2 - json file
{
"AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
"Description": "A sample template",
"Resources": {
"CodeBuildProject": {
"Project": {
"Type": "AWS::CodeBuild::Project",
"Properties": {
"Description": "A description about my project",
"ServiceRole": "ServiceRole.Arn",
"Artifacts": {
"Type": "no_artifacts"
},
"Environment": {
"Image": "aws/codebuild/java:openjdk-8",
"EnvironmentVariables": [
{
"Name": "varName",
"Type": "varType",
"Value": "varValue"
}
],
"Type": "LINUX_CONTAINER",
"ComputeType": "BUILD_GENERAL1_SMALL"
},
"Source": {
"Location": "codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c",
"Type": "S3"
},
"TimeoutInMinutes": 10,
"Tags": [
{
"Key": "Key1",
"Value": "Value1"
},
{
"Key": "Key2",
"Value": "Value2"
}
],
"Name": "myProjectName"
}
}
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: 2010-09-09
Description: A sample template
Resources:
CodeBuildProject:
Project:
Type: AWS::CodeBuild::Project
Properties:
Name: myProjectName
Description: A description about my project
EncryptionKey: "alias/alias-name"
ServiceRole: !GetAtt ServiceRole.Arn
Artifacts:
Type: no_artifacts
Environment:
Type: LINUX_CONTAINER
ComputeType: BUILD_GENERAL1_SMALL
Image: aws/codebuild/java:openjdk-8
EnvironmentVariables:
- Name: varName
Type: varType
Value: varValue
Source:
Location: codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c
Type: S3
TimeoutInMinutes: 10
Tags:
- Key: Key1
Value: Value1
- Key: Key2
Value: Value2
Negative test num. 2 - json file
{
"AWSTemplateFormatVersion": "2010-09-09T00:00:00Z",
"Description": "A sample template",
"Resources": {
"CodeBuildProject": {
"Project": {
"Type": "AWS::CodeBuild::Project",
"Properties": {
"Name": "myProjectName",
"Description": "A description about my project",
"TimeoutInMinutes": 10,
"EncryptionKey": "alias/alias-name",
"ServiceRole": "ServiceRole.Arn",
"Artifacts": {
"Type": "no_artifacts"
},
"Environment": {
"Type": "LINUX_CONTAINER",
"ComputeType": "BUILD_GENERAL1_SMALL",
"Image": "aws/codebuild/java:openjdk-8",
"EnvironmentVariables": [
{
"Name": "varName",
"Type": "varType",
"Value": "varValue"
}
]
},
"Source": {
"Location": "codebuild-demo-test/0123ab9a371ebf0187b0fe5614fbb72c",
"Type": "S3"
},
"Tags": [
{
"Key": "Key1",
"Value": "Value1"
},
{
"Key": "Key2",
"Value": "Value2"
}
]
}
}
}
}
}