Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
This recipe has no required configuration options. It can be activated by adding a dependency on org.openrewrite.recipe:rewrite-terraform:2.1.7 in your build file or by running a shell command (in which case no build changes are needed):
---type:specs.openrewrite.org/v1beta/recipename:org.openrewrite.terraform.aws.EncryptEBSVolumesdisplayName:Encrypt EBS volumesdescription: Encrypting EBS volumes ensures that replicated copies of your images are secure even if they are accidentally exposed. AWS EBS encryption uses AWS KMS customer master keys (CMK) when creating encrypted volumes and snapshots. Storing EBS volumes in their encrypted state reduces the risk of data exposure or data loss.
tags: - CKV_AWS_3 - terraform - AWSrecipeList: - org.openrewrite.terraform.AddConfiguration:resourceName:aws_ebs_volumecontent:encrypted = true
See how this recipe works across multiple open-source repositories
The community edition of the Moderne platform enables you to easily run recipes across thousands of open-source repositories.
Please contact Moderne for more information about safely running the recipes on your own codebase in a private SaaS.