CodeBuild Project artifacts encryption should not be disabled

Explanation

All artifacts produced by your CodeBuild project pipeline should always be encrypted

Possible Impact

CodeBuild project artifacts are unencrypted

Suggested Resolution

Enable encryption for CodeBuild project artifacts

Insecure Example

The following example will fail the aws-codebuild-enable-encryption check.

resource "aws_codebuild_project" "bad_example" {
	// other config

	artifacts {
		// other artifacts config

		encryption_disabled = true
	}
}

resource "aws_codebuild_project" "bad_example" {
	// other config including primary artifacts

	secondary_artifacts {
		// other artifacts config
		
		encryption_disabled = false
	}

	secondary_artifacts {
		// other artifacts config

		encryption_disabled = true
	}
}

Secure Example

The following example will pass the aws-codebuild-enable-encryption check.

resource "aws_codebuild_project" "good_example" {
	// other config

	artifacts {
		// other artifacts config

		encryption_disabled = false
	}
}

resource "aws_codebuild_project" "good_example" {
	// other config

	artifacts {
		// other artifacts config
	}
}

resource "aws_codebuild_project" "codebuild" {
	// other config

	secondary_artifacts {
		// other artifacts config

		encryption_disabled = false
	}

	secondary_artifacts {
		// other artifacts config
	}
}

Getting Started
Provider Checks
Config
GitHub Actions