Root block device is not encrypted

The code example below block device is not encrypted

resource "aws_instance" "insecure_example" {
  ami = "ami-7f89a64f"
  instance_type = "t1.micro"

  root_block_device {
      encrypted = false
  }

  ebs_block_device {
    device_name = "/dev/sdg"
    volume_size = 5
    volume_type = "gp2"
    delete_on_termination = false
    encrypted = false
  }
}

Why it's vulnerable?

The block device could be compromised and read from

How to fix?

Turn on encryption for all block devices

resource "aws_instance" "secure_example" {
  ami = "ami-7f89a64f"
  instance_type = "t1.micro"

  root_block_device {
      encrypted = true
  }

  ebs_block_device {
    device_name = "/dev/sdg"
    volume_size = 5
    volume_type = "gp2"
    delete_on_termination = false
    encrypted = true
  }
}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

root_block.md

root_block.md

Root block device is not encrypted

Why it's vulnerable?

How to fix?

Files

root_block.md

Latest commit

History

root_block.md

File metadata and controls

Root block device is not encrypted

Why it's vulnerable?

How to fix?