github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/aws/ec2/enable_at_rest_encryption.tf.go (about) 1 package ec2 2 3 var terraformEnableAtRestEncryptionGoodExamples = []string{ 4 ` 5 resource "aws_instance" "good_example" { 6 ami = "ami-7f89a64f" 7 instance_type = "t1.micro" 8 9 root_block_device { 10 encrypted = true 11 } 12 13 ebs_block_device { 14 device_name = "/dev/sdg" 15 volume_size = 5 16 volume_type = "gp2" 17 delete_on_termination = false 18 encrypted = true 19 } 20 } 21 `, 22 } 23 24 var terraformEnableAtRestEncryptionBadExamples = []string{ 25 ` 26 resource "aws_instance" "bad_example" { 27 ami = "ami-7f89a64f" 28 instance_type = "t1.micro" 29 30 root_block_device { 31 encrypted = false 32 } 33 34 ebs_block_device { 35 device_name = "/dev/sdg" 36 volume_size = 5 37 volume_type = "gp2" 38 delete_on_termination = false 39 encrypted = false 40 } 41 } 42 `, 43 } 44 45 var terraformEnableAtRestEncryptionLinks = []string{ 46 `https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices`, 47 } 48 49 var terraformEnableAtRestEncryptionRemediationMarkdown = ``