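Instances and launch configurations with unencrypted EBS volumes are detected. Ensure that encryption is enabled to protect the data stored on the EBS volumes of the instance or launch configuration. In Terraform, this means setting `encrypted = true` on `root_block_device` and on every `ebs_block_device`.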
# Launch configuration "demo". The AMI, instance profile, security group and
# user data it references are defined outside this listing.
resource "aws_launch_configuration" "demo" {
  name_prefix                 = "terraform-eks-demo"
  image_id                    = data.aws_ami.eks-worker.id
  instance_type               = "t2.large"
  iam_instance_profile        = aws_iam_instance_profile.demo-node.name
  security_groups             = [aws_security_group.demo-node.id]
  associate_public_ip_address = true
  user_data_base64            = base64encode(local.demo-node-userdata)

  # The instance metadata service stays reachable, but only with session
  # tokens (IMDSv2).
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Noncompliant: no root_block_device or ebs_block_device sets
  # `encrypted = true`, so this configuration does not request encryption at
  # rest for the EBS volumes of the instances it launches. Whether they end up
  # encrypted then depends on the AMI snapshot or an account-level default,
  # not on this resource.

  # Create the replacement launch configuration before destroying the old one.
  lifecycle {
    create_before_destroy = true
  }
}
# Launch configuration "demo". The AMI, instance profile, security group and
# user data it references are defined outside this listing.
resource "aws_launch_configuration" "demo" {
  name_prefix                 = "terraform-eks-demo"
  image_id                    = data.aws_ami.eks-worker.id
  instance_type               = "t2.large"
  iam_instance_profile        = aws_iam_instance_profile.demo-node.name
  security_groups             = [aws_security_group.demo-node.id]
  associate_public_ip_address = true
  user_data_base64            = base64encode(local.demo-node-userdata)

  # The instance metadata service stays reachable, but only with session
  # tokens (IMDSv2).
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Compliant: the root EBS volume of every launched instance is encrypted at
  # rest. The setting covers the root device only; any ebs_block_device added
  # to this resource needs its own `encrypted = true`.
  root_block_device {
    encrypted = true
  }

  # Create the replacement launch configuration before destroying the old one.
  lifecycle {
    create_before_destroy = true
  }
}