Create main.tf #106
base: main
Prisma Cloud has found errors in this PR ⬇️
@@ -0,0 +1,3 @@ | |||
resource "aws_ebs_volume" "v" { |
AWS EBS Volume not encrypted using Customer Managed Key
Resource: aws_ebs_volume.v | Checkov ID: CKV_AWS_189
How to Fix
resource "aws_ebs_volume" "example" {
availability_zone = "us-west-2a"
size = 40
+ kms_key_id = "ckv_kms"
tags = {
Name = "HelloWorld"
}
}
Description
Amazon EBS automatically creates a unique AWS managed key in each Region where you store AWS resources.
This KMS key has the alias alias/aws/ebs.
By default, Amazon EBS uses this KMS key for encryption.
Alternatively, you can specify a symmetric customer managed key that you created as the default KMS key for EBS encryption.
Using your own KMS key gives you more flexibility, including the ability to create, rotate, and disable KMS keys.
@@ -0,0 +1,3 @@ | |||
resource "aws_ebs_volume" "v" { |
fail always 2
Resource: aws_ebs_volume.v | Policy ID: 927241494778216448_AWS_1684176445066
Description
fail
@@ -0,0 +1,3 @@ | |||
resource "aws_ebs_volume" "v" { |
AWS resources that support tags do not have Tags
Resource: aws_ebs_volume.v | Checkov ID: CKV_AWS_CUSTOM_1
How to Fix
resource "aws_security_group" "sg" {
name = "my-sg"
...
+ tags = {
+ Environment = "dev"
+ Owner = "apps-team"
+ }
}
Description
Many AWS resources support tags. Without tags, it is difficult to organize, manage and track resources.
Tags allow you to add metadata to a resource to help identify ownership, perform cost / billing analysis, and to enrich a resource with other valuable information, such as descriptions and environment names.
While there are many ways that tags can be used, we recommend you follow a tagging practice.
View AWS's recommended tagging best practices here: https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf
@@ -0,0 +1,3 @@ | |||
resource "aws_ebs_volume" "v" { |
fail always 3
Resource: aws_ebs_volume.v | Policy ID: 927241494778216448_AWS_1684760158123
Description
fail
@@ -0,0 +1,3 @@ | |||
resource "aws_ebs_volume" "v" { |
fail always
Resource: aws_ebs_volume.v | Policy ID: 927241494778216448_AWS_1679497236765
Description
fail
@@ -0,0 +1,3 @@ | |||
resource "aws_ebs_volume" "v" { | |||
|
|||
} |
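Review bot: the body of `resource "aws_ebs_volume" "v"` is empty, so the volume declares no `availability_zone` (a required argument for this resource type), no `size` or `snapshot_id`, and none of the attributes the checks on this PR look for. Fill in the block before merging: set the zone and size, add `encrypted = true` together with a `kms_key_id` that references a customer managed key (CKV_AWS_3, CKV_AWS_189), and add a `tags` map (CKV_AWS_CUSTOM_1).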
AWS EBS volumes are not encrypted
Resource: aws_ebs_volume.v | Checkov ID: CKV_AWS_3
Description
Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed.
AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots.
Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
We recommend you encrypt all data stored in the EBS.
No description provided.