EFS volumes in ECS task definitions do not have encryption in transit enabled

Description

This check examines ECS tasks, and checks the definitions for EFS and if attached that the transit is encrypted.

Code Example

resource "aws_ecs_task_definition" "example" {
  ...
  family                = "service"
  volume {
        ...
+     transit_encryption      = "ENABLED"
      }
    }
  }
  ...
}

Remediation

AWS Console

TBA === Fix - Buildtime

Terraform

Resource: aws_ecs_task_definition
Arguments: efs_volume_configuration/transit_encryption needs to ENABLED if there is an attached EFS.

Rule Details

Field	Value
ID	IAC-0150
Severity	HIGH
IaC Type	Cloudformation
Frameworks	CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID	CKV_AWS_97

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

EFS volumes in ECS task definitions do not have encryption in transit enabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

EFS volumes in ECS task definitions do not have encryption in transit enabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

EFS volumes in ECS task definitions do not have encryption in transit enabled

Description

Code Example

Remediation

Rule Details

References