63 lines
1.6 KiB
Plaintext
63 lines
1.6 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Volume.html[aws_cdk.aws_ec2.Volume]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk.aws_ec2 import Volume
|
|
|
|
class EBSVolumeStack(Stack):
|
|
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
Volume(self,
|
|
"unencrypted-explicit",
|
|
availability_zone="eu-west-1a",
|
|
size=Size.gibibytes(1),
|
|
encrypted=False # Sensitive
|
|
)
|
|
----
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk.aws_ec2 import Volume
|
|
|
|
class EBSVolumeStack(Stack):
|
|
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
Volume(self,
|
|
"unencrypted-implicit",
|
|
availability_zone="eu-west-1a",
|
|
size=Size.gibibytes(1)
|
|
) # Sensitive as encryption is disabled by default
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.Volume.html[aws_cdk.aws_ec2.Volume]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk.aws_ec2 import Volume
|
|
|
|
class EBSVolumeStack(Stack):
|
|
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
Volume(self,
|
|
"encrypted-explicit",
|
|
availability_zone="eu-west-1a",
|
|
size=Size.gibibytes(1),
|
|
encrypted=True
|
|
)
|
|
----
|
|
|
|
include::../see.adoc[]
|