include::../description.adoc[] include::../ask-yourself.adoc[] include::../recommended.adoc[] == Sensitive Code Example For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume[aws_ebs_volume]: ---- resource "aws_ebs_volume" "ebs_volume" { # Sensitive if "encrypted by default" is disabled } ---- ---- resource "aws_ebs_volume" "ebs_volume" { encrypted = false # Sensitive } ---- For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_encryption_by_default[aws_ebs_encryption_by_default]: ---- resource "aws_ebs_encryption_by_default" "default_encryption" { enabled = false # Sensitive } ---- For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration[aws_launch_configuration]: ---- resource "aws_launch_configuration" "launch_configuration" { root_block_device { # Sensitive if "encrypted by default" is disabled } ebs_block_device { # Sensitive if "encrypted by default" is disabled } } ---- ---- resource "aws_launch_configuration" "launch_configuration" { root_block_device { encrypted = false # Sensitive } ebs_block_device { encrypted = false # Sensitive } } ---- == Compliant Solution For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume[aws_ebs_volume]: ---- resource "aws_ebs_volume" "ebs_volume" { encrypted = true } ---- For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_encryption_by_default[aws_ebs_encryption_by_default]: ---- resource "aws_ebs_encryption_by_default" "default_encryption" { enabled = true # Optional, default is "true" } ---- For https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration[aws_launch_configuration]: ---- resource "aws_launch_configuration" "launch_configuration" { root_block_device { encrypted = true } ebs_block_device { encrypted = true } } ---- include::../see.adoc[]