NAS File System Without KMS

Query id: 5f670f9d-b1b4-4c90-8618-2288f1ab9676
Query name: NAS File System Without KMS
Platform: Terraform
Severity: High
Category: Encryption
URL: Github

Description¶

NAS File System should have encryption provided by user KMS
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "alicloud_nas_file_system" "foo" {
  protocol_type = "NFS"
  storage_type  = "Performance"
  description   = "tf-testAccNasConfig"
}

Positive test num. 2 - tf file

resource "alicloud_nas_file_system" "fooabr" {
  protocol_type = "NFS"
  storage_type  = "Performance"
  description   = "tf-testAccNasConfig"
  encrypt_type  = "0"
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

resource "alicloud_nas_file_system" "foo" {
  protocol_type = "NFS"
  storage_type  = "Performance"
  description   = "tf-testAccNasConfig"
  encrypt_type  = "2"
  kms_key_id = "1234abcd-12ab-34cd-56ef-1234567890ab"
}