query(cloudformation): ecs cluster not encrypted at rest should be ecs task efs volume attachment not encrypted in transit #7093
Labels
aws: PR related with AWS Cloud
cloudformation: CloudFormation query
community: Community contribution
query: New query feature
Platform: CloudFormation
Provider: AWS
Description
The description of the query does not accurately represent the policy check.
The query checks ECS Task Definitions that have EFS volumes attached, and if so, it will trigger a policy violation if the volume is not encrypted in transit. Given that an ECS Cluster is a managed orchestrator, one can't encrypt the cluster; rather, the user can enable encryption in various ways depending on the resources that the cluster manages (EC2 hosts with EBS volumes, Fargate tasks, etc.).
Recommend a simple rename to "ECS Task EFS Volume Attachment Not Encrypted in Transit"
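
The check described in this issue, sketched in Python as an added example (it is not the project's query code and not part of the original report). The template and its resource names are constructed; the function name is hypothetical. It assumes a JSON CloudFormation template with literal property values, and treats an omitted `TransitEncryption` as `DISABLED`, which is the CloudFormation default.

```python
import json

# Constructed sample template: one cluster and three task definitions.
TEMPLATE = json.loads("""
{
  "Resources": {
    "Cluster": {"Type": "AWS::ECS::Cluster"},
    "TaskOmitted": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "scratch"},
        {"Name": "data",
         "EFSVolumeConfiguration": {"FilesystemId": "fs-EXAMPLE"}}
      ]}
    },
    "TaskDisabled": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "logs",
         "EFSVolumeConfiguration": {"FilesystemId": "fs-EXAMPLE",
                                    "TransitEncryption": "DISABLED"}}
      ]}
    },
    "TaskEnabled": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "shared",
         "EFSVolumeConfiguration": {"FilesystemId": "fs-EXAMPLE",
                                    "TransitEncryption": "ENABLED"}}
      ]}
    }
  }
}
""")


def efs_volumes_without_transit_encryption(template):
    """Return (resource, volume index, volume name) for each EFS volume on an
    ECS task definition that does not set TransitEncryption to ENABLED."""
    findings = []
    for res_name, res in template.get("Resources", {}).items():
        # The check applies to task definitions, never to AWS::ECS::Cluster.
        if res.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        volumes = res.get("Properties", {}).get("Volumes") or []
        for idx, vol in enumerate(volumes):
            efs = vol.get("EFSVolumeConfiguration")
            if not isinstance(efs, dict):
                continue  # bind mount or Docker volume, not EFS
            if efs.get("TransitEncryption", "DISABLED") != "ENABLED":
                findings.append((res_name, idx, vol.get("Name")))
    return findings
```

The cluster resource is never evaluated, which is the mismatch the requested rename addresses.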