AWS014 - Launch configuration with unencrypted block device.

Written by tfsec

Explanation

Blocks devices should be encrypted to ensure sensitive data is hel securely at rest.

Insecure Example

The following example will fail the AWS014 check.

resource "aws_launch_configuration" "bad_example" {
	root_block_device {
		encrypted = false
	}
}

Secure Example

The following example will pass the AWS014 check.

resource "aws_launch_configuration" "good_example" {
	root_block_device {
		encrypted = true
	}
}

Related Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html

---