Launch configuration with unencrypted block device.
Default Severity: high
Explanation
Block devices should be encrypted to ensure sensitive data is held securely at rest.
Possible Impact
The block device could be compromised and its contents read.
Suggested Resolution
Turn on encryption for all block devices.
Insecure Example
The following example will fail the aws-ec2-enable-launch-config-at-rest-encryption check.
resource "aws_launch_configuration" "bad_example" {
  root_block_device {
    encrypted = false
  }
}
Secure Example
The following example will pass the aws-ec2-enable-launch-config-at-rest-encryption check.
resource "aws_launch_configuration" "good_example" {
  root_block_device {
    encrypted = true
  }
}