Instance with unencrypted block device.
Block devices should be encrypted to ensure sensitive data is held securely at rest.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Turn on encryption for all block devices

```yaml
Resources:
  GoodExample:
    Type: AWS::EC2::Instance
    Properties:
      BlockDeviceMappings:
        - DeviceName: /dev/sdm
          Ebs:
            DeleteOnTermination: "false"
            Encrypted: true
            Iops: "200"
            VolumeSize: "20"
            VolumeType: io1
      ImageId: ami-79fd7eee
      KeyName: testkey
      UserData: export SSM_PATH=/database/creds
```
Turn on encryption for all block devices

```hcl
resource "aws_instance" "good_example" {
  ami           = "ami-7f89a64f"
  instance_type = "t1.micro"

  root_block_device {
    encrypted = true
  }

  ebs_block_device {
    device_name           = "/dev/sdg"
    volume_size           = 5
    volume_type           = "gp2"
    delete_on_termination = false
    encrypted             = true
  }
}
```
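The two remediation snippets above show the compliant shape of a template; the check itself is what a pipeline runs before deployment. The following is an added example of such a check, written here for this page and not the scanner's own implementation. It walks a CloudFormation template loaded as a dict (what `json.load` or a YAML loader produces), reports every `AWS::EC2::Instance` EBS mapping that is not explicitly `Encrypted: true`, accepts the string form `"true"` that CloudFormation also allows, and skips instance-store mappings, which have no `Ebs` block and nothing to encrypt. The template it runs over is constructed for illustration; the logical IDs and device names in it are not from the page.

```python
"""Static check: flag EC2 instances with unencrypted EBS block device mappings.

Added example, not tfsec/Trivy code. Operates on a CloudFormation template
already parsed into a dict, so it runs offline with the standard library.
"""
import json

# Constructed sample template: GoodExample passes, BadExample fails twice
# (one mapping omits Encrypted, one sets it to the string "false").
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodExample": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-79fd7eee",
        "BlockDeviceMappings": [
          {"DeviceName": "/dev/sdm",
           "Ebs": {"Encrypted": true, "VolumeSize": "20"}},
          {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}
        ]
      }
    },
    "BadExample": {
      "Type": "AWS::EC2::Instance",
      "Properties": {
        "ImageId": "ami-79fd7eee",
        "BlockDeviceMappings": [
          {"DeviceName": "/dev/sda1", "Ebs": {"VolumeSize": "8"}},
          {"DeviceName": "/dev/sdf", "Ebs": {"Encrypted": "false"}}
        ]
      }
    }
  }
}
""")


def _is_true(value) -> bool:
    """CloudFormation accepts a boolean or the strings "true"/"True" here."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def find_unencrypted_block_devices(template: dict) -> list:
    """Return (logical_id, device_name) for each EBS mapping that is not
    explicitly encrypted.

    Instance-store mappings (VirtualName, no Ebs key) are skipped: they are
    not EBS volumes. An instance with no BlockDeviceMappings at all is not
    reported either; its root volume then follows the AMI snapshot and the
    account's EBS default-encryption setting, which this static check cannot
    see, so treat an absent mapping as "unknown", not "safe".
    """
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::EC2::Instance":
            continue
        props = resource.get("Properties", {})
        for mapping in props.get("BlockDeviceMappings", []):
            ebs = mapping.get("Ebs")
            if ebs is None:
                continue  # ephemeral (instance-store) device, nothing to encrypt
            if not _is_true(ebs.get("Encrypted", False)):
                findings.append((logical_id, mapping.get("DeviceName", "<unknown>")))
    return findings


if __name__ == "__main__":
    for logical_id, device in find_unencrypted_block_devices(SAMPLE_TEMPLATE):
        print(f"{logical_id}: block device {device} is not encrypted")
```

Run it as a pre-deploy gate: a non-empty result should fail the pipeline, since, as with `Encrypted: "false"` in the sample, the mapping is only compliant when the property is present and true.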
Links