Encrypt EBS volumes
org.openrewrite.terraform.aws.EncryptEBSVolumes
Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
- CKV_AWS_3
- terraform
- AWS
- groupId: org.openrewrite.recipe
- artifactId: rewrite-terraform
- version: 2.0.4
This recipe has no required configuration options. It can be activated by adding a dependency on
org.openrewrite.recipe:rewrite-terraform:2.0.4 in your build file or by running a shell command (in which case no build changes are needed):Gradle
Gradle init script
Maven POM
Maven Command Line
- 1.Add the following to your
build.gradlefile:
build.gradle
plugins {
id("org.openrewrite.rewrite") version("6.3.11")
}
rewrite {
activeRecipe("org.openrewrite.terraform.aws.EncryptEBSVolumes")
}
repositories {
mavenCentral()
}
dependencies {
rewrite("org.openrewrite.recipe:rewrite-terraform:2.0.4")
}
- 2.Run
gradle rewriteRunto run the recipe.
- 1.Create a file named
init.gradlein the root of your project.
init.gradle
initscript {
repositories {
maven { url "https://plugins.gradle.org/m2" }
}
dependencies { classpath("org.openrewrite:plugin:6.3.11") }
}
rootProject {
plugins.apply(org.openrewrite.gradle.RewritePlugin)
dependencies {
rewrite("org.openrewrite.recipe:rewrite-terraform:2.0.4")
}
rewrite {
activeRecipe("org.openrewrite.terraform.aws.EncryptEBSVolumes")
}
afterEvaluate {
if (repositories.isEmpty()) {
repositories {
mavenCentral()
}
}
}
}
- 2.Run
gradle --init-script init.gradle rewriteRunto run the recipe.
- 1.Add the following to your
pom.xmlfile:
pom.xml
<project>
<build>
<plugins>
<plugin>
<groupId>org.openrewrite.maven</groupId>
<artifactId>rewrite-maven-plugin</artifactId>
<version>5.5.2</version>
<configuration>
<activeRecipes>
<recipe>org.openrewrite.terraform.aws.EncryptEBSVolumes</recipe>
</activeRecipes>
</configuration>
<dependencies>
<dependency>
<groupId>org.openrewrite.recipe</groupId>
<artifactId>rewrite-terraform</artifactId>
<version>2.0.4</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
</project>
- 2.Run
mvn rewrite:runto run the recipe.
shell
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
-Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-terraform:RELEASE \
-Drewrite.activeRecipes=org.openrewrite.terraform.aws.EncryptEBSVolumes
Recipe List
Yaml Recipe List
- resourceName:
aws_ebs_volume - content:
encrypted = true
---
type: specs.openrewrite.org/v1beta/recipe
name: org.openrewrite.terraform.aws.EncryptEBSVolumes
displayName: Encrypt EBS volumes
description: Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
tags:
- CKV_AWS_3
- terraform
- AWS
recipeList:
- org.openrewrite.terraform.AddConfiguration:
resourceName: aws_ebs_volume
content: encrypted = true
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.