Config Rule For Encrypted Volumes Disabled
- Query id: abdb29d4-5ca1-4e91-800b-b3569bbd788c
- Query name: Config Rule For Encrypted Volumes Disabled
- Platform: Terraform
- Severity: High
- Category: Encryption
- URL: Github
Description¶
Check if AWS config rules do not identify Encrypted Volumes as a source.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_config_config_rule" "positive1" {
name = "some_rule"
source {
owner = "AWS"
source_identifier = "IAM_PASSWORD_POLICY"
}
}
resource "aws_config_config_rule" "positive2" {
name = "another_rule"
source {
owner = "AWS"
source_identifier = "IAM_PASSWORD_POLICY"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_config_config_rule" "negative1" {
name = "encrypted_vols_rule"
source {
owner = "AWS"
source_identifier = "ENCRYPTED_VOLUMES"
}
}
resource "aws_config_config_rule" "negative2" {
name = "another_rule"
source {
owner = "AWS"
source_identifier = "IAM_PASSWORD_POLICY"
}
}