Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create new_ebs.tf #68

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create new_ebs.tf #68

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions new_ebs.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
resource "aws_ebs_volume" "v" {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LOW   AWS EBS Volume not encrypted using Customer Managed Key
    Resource: aws_ebs_volume.v | ID: BC_AWS_GENERAL_109

How to Fix

resource "aws_ebs_volume" "example" {
  availability_zone = "us-west-2a"
  size              = 40
+ kms_key_id = "ckv_kms"
  tags = {
    Name = "HelloWorld"
  }
}

Description

Amazon EBS automatically creates a unique AWS managed key in each Region where you store AWS resources. This KMS key has the alias alias/aws/ebs. By default, Amazon EBS uses this KMS key for encryption. Alternatively, you can specify a symmetric customer managed key that you created as the default KMS key for EBS encryption. Using your own KMS key gives you more flexibility, including the ability to create, rotate, and disable KMS keys.

size = 40
encrypted = false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
encrypted = false
encrypted = true
HIGH   AWS EBS volumes are not encrypted
    Resource: aws_ebs_volume.v | ID: BC_AWS_GENERAL_3

Description

Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss. We recommend you encrypt all data stored in the EBS.

Benchmarks

  • PCI-DSS V3.2.1 3.4
  • PCI-DSS V3.2 3
  • NIST-800-53 SC-2
  • FEDRAMP (MODERATE) SC-28

}