Alibaba Cloud launch template data disks are not encrypted
Description
This policy ensures that the data disks in an Alibaba Cloud ECS Launch Template are encrypted. Encrypting data disks helps protect sensitive data from unauthorized access and ensures data confidentiality and integrity. Encryption is essential for compliance with many regulatory standards and best practices.
Failing to encrypt data disks can result in data breaches, unauthorized access, and potential non-compliance with regulatory requirements.
Code Example
```hcl
resource "alicloud_ecs_launch_template" "example" {
  # ... (other arguments)
  data_disks {
    encrypted = true # encrypt this data disk
  }
}
```
Remediation
Terraform
- Resource: alicloud_ecs_launch_template
- Arguments: data_disks.encrypted
To mitigate this issue, ensure the `encrypted` attribute in the `data_disks` block of the `alicloud_ecs_launch_template` resource is set to `true`.
Example:
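A check for this setting over the JSON form of a Terraform plan (the output of `terraform show -json`), as an added example that is not from the original page and is not Checkov's implementation of CKV_ALI_32. It assumes that a data disk whose `encrypted` value is missing or unknown at plan time should be reported; the function names and the sample plan are constructed for illustration.

```python
RESOURCE_TYPE = "alicloud_ecs_launch_template"

def iter_resources(module):
    """Yield resources from a plan module and from all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def unencrypted_data_disks(plan):
    """Return (resource address, disk index) for each data disk not set to encrypted = true."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        disks = res.get("values", {}).get("data_disks") or []
        for index, disk in enumerate(disks):
            # Assumption: false, missing and null (unknown at plan time) all fail,
            # because none of them proves the disk will be encrypted.
            if disk.get("encrypted") is not True:
                findings.append((res["address"], index))
    return findings

# Constructed sample, shaped like json.load() of `terraform show -json` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "alicloud_ecs_launch_template.ok", "type": RESOURCE_TYPE,
             "values": {"data_disks": [{"size": 40, "encrypted": True}]}},
            {"address": "alicloud_ecs_launch_template.mixed", "type": RESOURCE_TYPE,
             "values": {"data_disks": [{"encrypted": True},
                                       {"encrypted": False},
                                       {"size": 50}]}},
            {"address": "alicloud_instance.web", "type": "alicloud_instance",
             "values": {"data_disks": [{"encrypted": False}]}},
        ],
        "child_modules": [{"resources": [
            {"address": "module.app.alicloud_ecs_launch_template.lt",
             "type": RESOURCE_TYPE,
             "values": {"data_disks": [{"encrypted": None}]}},
        ]}],
    }}
}

if __name__ == "__main__":
    for address, index in unencrypted_data_disks(SAMPLE_PLAN):
        print(f"FAIL {address}: data_disks[{index}] is not encrypted")
```

Checking the plan rather than the `.tf` files also covers launch templates created inside modules, where the `data_disks` block is not visible in the root configuration.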
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0032 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_32 |