CodeBuild Project artifacts encryption should not be disabled
All artifacts produced by your CodeBuild project pipeline should always be encrypted
Impact
CodeBuild project artifacts are unencrypted
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Enable encryption for CodeBuild project artifacts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Resources:
GoodProject:
Type: AWS::CodeBuild::Project
Properties:
Artifacts:
ArtifactIdentifier: "String"
EncryptionDisabled: false
Location: "String"
Name: "String"
NamespaceType: "String"
OverrideArtifactName: false
Packaging: "String"
Path: "String"
Type: "String"
SecondaryArtifacts:
- ArtifactIdentifier: "String"
EncryptionDisabled: false
Location: "String"
Name: "String"
NamespaceType: "String"
OverrideArtifactName: false
Packaging: "String"
Path: "String"
Type: "String"
|
Enable encryption for CodeBuild project artifacts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
resource "aws_codebuild_project" "good_example" {
// other config
artifacts {
// other artifacts config
encryption_disabled = false
}
}
resource "aws_codebuild_project" "good_example" {
// other config
artifacts {
// other artifacts config
}
}
resource "aws_codebuild_project" "codebuild" {
// other config
secondary_artifacts {
// other artifacts config
encryption_disabled = false
}
secondary_artifacts {
// other artifacts config
}
}
|
Links