ECS data disk KMS key ID undefined

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > ECS data disk KMS key ID undefined

Metadata

Id: f262118c-1ac6-4bb3-8495-cc48f1775b85

Cloud Provider: Alicloud

Platform: Terraform

Severity: High

Category: Encryption

Learn More

Provider Reference

Description

ECS data disks must have the kms_key_id attribute set. This rule flags any alicloud_disk resource missing the kms_key_id attribute. Setting this ensures disks are encrypted using a KMS key and avoids unencrypted storage.

Compliant Code Examples

# Create a new ECS disk.
resource "alicloud_disk" "ecs_disk" {
  # cn-beijing
  availability_zone = "cn-beijing-b"
  name              = "New-disk"
  description       = "Hello ecs disk."
  category          = "cloud_efficiency"
  size              = "30"
  encrypted         = true
  kms_key_id        = "2a6767f0-a16c-4679-a60f-13bf*****"
  tags = {
    Name = "TerraformTest"
  }
}

Non-Compliant Code Examples

# Create a new ECS disk.
resource "alicloud_disk" "ecs_disk" {
  # cn-beijing
  availability_zone = "cn-beijing-b"
  name              = "New-disk"
  description       = "Hello ecs disk."
  category          = "cloud_efficiency"
  size              = "30"
  encrypted         = true
  tags = {
    Name = "TerraformTest"
  }
}