Disk encryption disabled

Docs > Plateforme de sécurité Datadog > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Disk encryption disabled

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

Id: 39750e32-3fe9-453b-8c33-dd277acdb2cc

Cloud Provider: Alicloud

Platform: Terraform

Severity: Medium

Category: Encryption

Learn More

Provider Reference

Description

Alicloud disks (alicloud_disk) should have encryption enabled.

The rule flags resources where the encrypted attribute is explicitly set to false (issue type IncorrectValue) or where both the encrypted and snapshot_id attributes are missing (issue type MissingAttribute).

Remediation is to set encrypted to true (replacement) or add encrypted = true (addition).

Compliant Code Examples

resource "alicloud_disk" "disk_encryption3" {
  # cn-beijing
  availability_zone = "cn-beijing-b"
  name              = "New-disk"
  description       = "Hello ecs disk."
  category          = "cloud_efficiency"
  size              = "30"
  encrypted         = true
  kms_key_id        = "2a6767f0-a16c-4679-a60f-13bf*****"
  tags = {
    Name = "TerraformTest"
  }
}

Non-Compliant Code Examples

resource "alicloud_disk" "disk_encryption2" {
  # cn-beijing
  availability_zone = "cn-beijing-b"
  name              = "New-disk"
  description       = "Hello ecs disk."
  category          = "cloud_efficiency"
  size              = "30"
  encrypted         = false
  kms_key_id        = "2a6767f0-a16c-4679-a60f-13bf*****"
  tags = {
    Name = "TerraformTest"
  }
}

resource "alicloud_disk" "disk_encryption1" {
  # cn-beijing
  availability_zone = "cn-beijing-b"
  name              = "New-disk"
  description       = "Hello ecs disk."
  category          = "cloud_efficiency"
  size              = "30"
  tags = {
    Name = "TerraformTest"
  }
}