Alibaba Cloud Disk is not encrypted with Customer Master Key

Description

Encrypting your disk with a Customer Master Key (CMK) helps protect your data from unauthorized access or tampering. Using a CMK ensures that only authorized users with the correct permissions and access to the key can decrypt and access the data. This encryption method provides enhanced control over your data security, including key rotation, access auditing, and compliance with organizational policies and industry standards.

Code Example

resource "alicloud_disk" "example" {
  ...
+  encrypted   = true
+  kms_key_id  = "1234abcd-12ab-34cd-56ef-1234567890ab" # Replace with your CMK ID
}

Remediation

Terraform

Resource: alicloud_disk
Arguments: encrypted, kms_key_id

To mitigate this issue, ensure the `encrypted` attribute is set to `true` and specify a `kms_key_id` to use a Customer Master Key for disk encryption.

Example:

Rule Details

Field	Value
ID	IAC-0008
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_ALI_8

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Alibaba Cloud Disk is not encrypted with Customer Master Key

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Alibaba Cloud Disk is not encrypted with Customer Master Key ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Alibaba Cloud Disk is not encrypted with Customer Master Key

Description

Code Example

Remediation

Rule Details

References