AWS EC2 Auto Scaling Launch Configuration is not using encrypted EBS volumes
Description
Amazon EC2 Auto Scaling launch configurations let you specify encrypted Amazon Elastic Block Store (EBS) volumes for the EC2 instances they launch. When the entire EBS volume is encrypted, data stored at rest on the volume, disk I/O, snapshots created from the volume, and data in transit between EBS and EC2 are all encrypted.
Code Example
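```shell
# EBS encryption is set per volume in the block device mapping;
# create-launch-configuration has no top-level --encrypted option.
# /dev/sdh and the 100 GiB size are example values.
aws autoscaling create-launch-configuration \
  --launch-configuration-name my-launch-config \
  --image-id ami-c6169af6 \
  --instance-type m1.medium \
  --block-device-mappings '[{"DeviceName":"/dev/sdh","Ebs":{"VolumeSize":100,"Encrypted":true}}]'
```
Remediation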
AWS Console
To change the policy using the AWS Console, follow these steps:
1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
2. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
3. Navigate to Auto Scaling.
4. Create a new launch configuration.
5. Add an encrypted EBS volume (Add Storage).
CLI Command
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0062 |
| Severity | INFO |
| IaC Type | CloudFormation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_8 |
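
The check this rule describes can be sketched against a CloudFormation template as follows. This is an added example, not Checkov's implementation or code from this page; the sample template is constructed and trimmed to the properties the check reads, and reporting a launch configuration that has no explicit `BlockDeviceMappings` is a policy choice of the example (its volumes then depend on the AMI's snapshots and the account's encryption-by-default setting).

```python
import json

# Constructed sample template (JSON form of CloudFormation), not from the page.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "GoodLC": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
    "BlockDeviceMappings": [
      {"DeviceName": "/dev/sdh", "Ebs": {"VolumeSize": 100, "Encrypted": true}},
      {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"}]}},
  "BadLC": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
    "BlockDeviceMappings": [
      {"DeviceName": "/dev/sda1", "Ebs": {"VolumeSize": 8}},
      {"DeviceName": "/dev/sdh", "Ebs": {"VolumeSize": 100, "Encrypted": "false"}}]}},
  "ImplicitLC": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
    "ImageId": "ami-c6169af6", "InstanceType": "m1.medium"}},
  "Bucket": {"Type": "AWS::S3::Bucket"}
}}
""")

LC_TYPE = "AWS::AutoScaling::LaunchConfiguration"


def unencrypted_launch_config_volumes(template):
    """Return (resource, device, reason) for each EBS mapping not explicitly encrypted."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != LC_TYPE:
            continue
        mappings = (res.get("Properties") or {}).get("BlockDeviceMappings")
        if not isinstance(mappings, list) or not mappings:
            # Assumption of this example: nothing in the template proves encryption.
            findings.append((name, None, "no explicit BlockDeviceMappings"))
            continue
        for mapping in mappings:
            ebs = mapping.get("Ebs")
            if ebs is None:  # instance-store (VirtualName) or NoDevice entry
                continue
            enc = ebs.get("Encrypted")
            # CloudFormation accepts booleans as true or "true"; anything else fails.
            if str(enc).lower() == "true":
                continue
            reason = "Encrypted not set" if enc is None else f"Encrypted={enc!r}"
            findings.append((name, mapping.get("DeviceName"), reason))
    return findings


if __name__ == "__main__":
    for finding in unencrypted_launch_config_volumes(SAMPLE_TEMPLATE):
        print(finding)
```

An `Encrypted` value given as an intrinsic function (for example a `Ref` to a parameter) is also reported, since the template alone does not show what it resolves to.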