Ensure only encrypted EBS volumes are attached to EC2 instances

Error: Not only encrypted EBS volumes are attached to EC2 instances

Bridgecrew Policy ID: BC_AWS_GENERAL_60
Checkov Check ID: CKV2_AWS_2
Severity: LOW

Description

TBA

Fix - Buildtime

Terraform

  • Resource: aws_volume_attachment, aws_instance, aws_ebs_volume
  • Argument: volume_id and instance_id of aws_volume_attachment

resource "aws_instance" "web" {
  ami               = "ami-21f78e11"
  availability_zone = "us-west-2a"
  instance_type     = "t2.micro"

  tags = {
    Name = "HelloWorld"
  }
}

resource "aws_volume_attachment" "ok_attachment1" {
  device_name = "/dev/sdh3"
  volume_id   = aws_ebs_volume.ok_ebs2.id
  instance_id = aws_instance.web.id
}


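resource "aws_ebs_volume" "ok_ebs2" {
  # The volume must be in the same availability zone as the instance it attaches to.
  availability_zone = "us-west-2a"
  size              = 10 # GiB; aws_ebs_volume needs size or snapshot_id
  encrypted         = true
}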
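
The same relationship can be checked against a plan before apply. The following is an added example, not code from Checkov or Bridgecrew: it reads the JSON that `terraform show -json <planfile>` produces, follows each attachment's volume_id reference and reports attachments whose volume is not planned with encrypted = true. It assumes root-module resources without count or for_each; the function names, the helper builders and the bad_attachment/bad_ebs resources are hypothetical.

```python
# Added example: evaluate `terraform show -json <planfile>` output.
# Assumptions: root module only, no count/for_each on the resources.

def unencrypted_attachments(plan):
    """Return (attachment, reason) for attachments lacking an encrypted volume."""
    planned = {
        r["address"]: r.get("values", {})
        for r in plan["planned_values"]["root_module"].get("resources", [])
    }
    findings = []
    for res in plan["configuration"]["root_module"].get("resources", []):
        if res["type"] != "aws_volume_attachment":
            continue
        # volume_id is unknown at plan time, so follow the expression's references.
        refs = res.get("expressions", {}).get("volume_id", {}).get("references", [])
        volumes = [r for r in refs if r.startswith("aws_ebs_volume.") and r in planned]
        if not volumes:
            findings.append((res["address"],
                             "volume_id does not reference a planned aws_ebs_volume"))
        for addr in volumes:
            # A missing `encrypted` value is treated as a finding (assumption).
            if planned[addr].get("encrypted") is not True:
                findings.append((res["address"], f"{addr} is not encrypted"))
    return findings


def _volume(name, encrypted):
    """Build a constructed planned_values entry for an EBS volume."""
    return {"address": f"aws_ebs_volume.{name}", "type": "aws_ebs_volume",
            "values": {"availability_zone": "us-west-2a", "encrypted": encrypted}}


def _attachment(name, volume):
    """Build a constructed configuration entry for a volume attachment."""
    return {"address": f"aws_volume_attachment.{name}", "type": "aws_volume_attachment",
            "expressions": {"volume_id": {"references": [
                f"aws_ebs_volume.{volume}.id", f"aws_ebs_volume.{volume}"]}}}


# Constructed sample: the page's passing pair plus a hypothetical failing pair.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {"resources": [
        _volume("ok_ebs2", True), _volume("bad_ebs", False)]}},
    "configuration": {"root_module": {"resources": [
        _attachment("ok_attachment1", "ok_ebs2"),
        _attachment("bad_attachment", "bad_ebs")]}},
}

if __name__ == "__main__":
    for attachment, reason in unencrypted_attachments(SAMPLE_PLAN):
        print(f"FAIL {attachment}: {reason}")
```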
