GithubJoin us on Slack
Search…
Introduction to OpenRewrite
Getting Started
Quickstart: Maven and Gradle
Recipe Development Environment
Tutorials & Guides
Recipe Testing
Common Static Analysis Issue Remediation
Automatically Fix Checkstyle Violations
Migrate to Java 11 from Java 8
Migrate to JUnit 5 from JUnit 4
Migrate to Spring Boot 2 from Spring Boot 1
Migrate to Quarkus 2 from Quarkus 1
Migrate to Micronaut 3 from Micronaut 2
Migrate to SLF4J from Log4j
Use SLF4J Parameterized Logging
Writing a Java Refactoring Recipe
Modifying Methods with JavaTemplate
Refactoring with Declarative YAML Recipes
Automating Maven Dependency Management
Running Rewrite without build tool plugins
Writing recipes over multiple source file types
Reference
Latest versions of every OpenRewrite module
Maven Plugin Configuration
Gradle Plugin Configuration
JsonPath and JsonPathMatcher Reference
Declarative YAML Format
Method Patterns
Dependency Version Selectors
Recipes
Gradle
Hcl
Java
JSON
Maven
Properties
XML
YAML
CircleCI
Concourse
Github Actions
Kubernetes
Terraform
Add Terraform configuration
Use a long enough byte length for random resources
AWS
Best practices for AWS
Disable Instance Metadata Service version 1
Enable API gateway caching
Enable point-in-time recovery for DynamoDB
Encrypt Aurora clusters
Encrypt CodeBuild projects
Encrypt DAX storage at rest
Encrypt DocumentDB storage
Encrypt EBS snapshots
Encrypt EBS volume launch configurations
Encrypt EBS volumes
Encrypt EFS Volumes in ECS Task Definitions in transit
Encrypt ElastiCache Redis at rest
Encrypt ElastiCache Redis in transit
Encrypt Neptune storage
Encrypt RDS clusters
Encrypt Redshift storage at rest
Ensure AWS CMK rotation is enabled
Ensure AWS EFS with encryption for data at rest is enabled
Ensure AWS EKS cluster endpoint access is publicly disabled
Ensure AWS Elasticsearch domain encryption for data at rest is enabled
Ensure AWS Elasticsearch domains have EnforceHTTPS enabled
Ensure AWS Elasticsearch has node-to-node encryption enabled
Ensure AWS IAM password policy has a minimum of 14 characters
Ensure AWS Lambda function is configured for function-level concurrent execution limit
Ensure AWS Lambda functions have tracing enabled
Ensure AWS RDS database instance is not publicly accessible
Ensure AWS S3 object versioning is enabled
Ensure Amazon EKS control plane logging enabled for all log types
Ensure CloudTrail log file validation is enabled
Ensure EC2 is EBS optimized
Ensure ECR repositories are encrypted
Ensure IAM password policy expires passwords within 90 days or less
Ensure IAM password policy prevents password reuse
Ensure IAM password policy requires at least one lowercase letter
Ensure IAM password policy requires at least one number
Ensure IAM password policy requires at least one symbol
Ensure IAM password policy requires at least one uppercase letter
Ensure Kinesis Stream is securely encrypted
Ensure RDS database has IAM authentication enabled
Ensure RDS instances have Multi-AZ enabled
Ensure VPC subnets do not assign public IP by default
Ensure data stored in an S3 bucket is securely encrypted at rest
Ensure detailed monitoring for EC2 instances is enabled
Ensure enhanced monitoring for Amazon RDS instances is enabled
Ensure respective logs of Amazon RDS are enabled
Ensure the S3 bucket has access logging enabled
Make ECR tags immutable
Scan images pushed to ECR
Use HTTPS for Cloudfront distribution
Azure
GCP
Search
Concepts & Explanations
Abstract Syntax Trees
Recipes
Visitors
Styles
Environment
Markers
JavaTemplate
Pointcut Expressions
Design Partners
Design Partner 1
Powered By GitBook
Encrypt EBS volume launch configurations
** org.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration** EBS volumes allow you to create encrypted launch configurations when creating EC2 instances and auto scaling. When the entire EBS volume is encrypted, data stored at rest on the volume, disk I/O, snapshots created from the volume, and data in-transit between EBS and EC2 are all encrypted.

Tags

  • CKV_AWS_8
  • terraform
  • AWS

Source

  • groupId: org.openrewrite.recipe
  • artifactId: rewrite-terraform
  • version: 1.6.0

Usage

This recipe has no required configuration options and can be activated directly after taking a dependency on org.openrewrite.recipe:rewrite-terraform:1.6.0 in your build file:
Gradle
Maven
build.gradle
1
plugins {
2
id("org.openrewrite.rewrite") version("5.22.2")
3
}
4
​
5
rewrite {
6
activeRecipe("org.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration")
7
}
8
​
9
repositories {
10
mavenCentral()
11
}
12
​
13
dependencies {
14
rewrite("org.openrewrite.recipe:rewrite-terraform:1.6.0")
15
}
Copied!
pom.xml
1
<project>
2
<build>
3
<plugins>
4
<plugin>
5
<groupId>org.openrewrite.maven</groupId>
6
<artifactId>rewrite-maven-plugin</artifactId>
7
<version>4.25.0</version>
8
<configuration>
9
<activeRecipes>
10
<recipe>org.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration</recipe>
11
</activeRecipes>
12
</configuration>
13
<dependencies>
14
<dependency>
15
<groupId>org.openrewrite.recipe</groupId>
16
<artifactId>rewrite-terraform</artifactId>
17
<version>1.6.0</version>
18
</dependency>
19
</dependencies>
20
</plugin>
21
</plugins>
22
</build>
23
</project>
Copied!
Recipes can also be activated directly from the command line by adding the argument -Drewrite.activeRecipesorg.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration

Definition

Recipe List
Yaml Recipe List
1
---
2
type: specs.openrewrite.org/v1beta/recipe
3
name: org.openrewrite.terraform.aws.EncryptEBSVolumeLaunchConfiguration
4
displayName: Encrypt EBS volume launch configurations
5
description: EBS volumes allow you to create encrypted launch configurations when creating EC2 instances and auto scaling. When the entire EBS volume is encrypted, data stored at rest on the volume, disk I/O, snapshots created from the volume, and data in-transit between EBS and EC2 are all encrypted.
6
tags:
7
- CKV_AWS_8
8
- terraform
9
- AWS
10
recipeList:
11
- org.openrewrite.terraform.AddConfiguration:
12
resourceName: aws_launch_configuration
13
content: root_block_device {
14
encrypted = true
15
}
Copied!
Previous
Encrypt EBS snapshots
Next
Encrypt EBS volumes
Last modified 5d ago
Export as PDF
Copy link
Contents
Tags
Source
Usage
Definition