CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsEnabling encryption on EBS volumes protects data at rest inside the volume, data in transit between the volume and the instance, snapshots created from the volume, and volumes created from those snapshots. When encryption is enabled, an AWS managed KMS key is used by default, or you can supply your own symmetric customer managed KMS key.
Set the aws_ebs_volume
encrypted
field to true
.
If encrypting with a customer managed KMS key, kms_key_id
should be set to the KMS key ARN.
resource "aws_ebs_volume" "example" {
availability_zone = "us-west-2a"
size = 40
encrypted = true
}
Set the AWS::EC2::Volume
Encrypted
field to true
.
JSON example configuration:
{
"Type": "AWS::EC2::Volume",
"Properties": {
"Encrypted": true
# other required fields here
}
}
YAML example configuration:
Type: AWS::EC2::Instance
Properties:
Encrypted: true
# other required fields here