query(cloudformation): ecs cluster not encrypted at rest should be ecs task efs volume attachment not encrypted in transit #7093

Open
adamjkeller opened this issue May 30, 2024 · 0 comments
Labels
aws PR related with AWS Cloud cloudformation CloudFormation query community Community contribution query New query feature

Comments

@adamjkeller

Platform

CloudFormation

Provider

AWS

Description

The description of the query does not accurately represent the policy check.

The query checks ECS Task Definitions that have EFS volumes attached, and if so, it will trigger a policy violation if the volume is not encrypted in transit. Given that an ECS Cluster is a managed orchestrator, one can't encrypt the cluster; rather, the user can enable encryption in various ways depending on the resources that the cluster manages (EC2 hosts with EBS volumes, Fargate tasks, etc.).

Recommend a simple rename to "ECS Task EFS Volume Attachment Not Encrypted in Transit".

@adamjkeller adamjkeller added community Community contribution query New query feature labels May 30, 2024
@github-actions github-actions bot added cloudformation CloudFormation query aws PR related with AWS Cloud labels May 30, 2024
@adamjkeller adamjkeller changed the title from "query(CloudFormation): ECS Cluster Not Encrypted At Rest should be ECS Task EFS Volume Attachment Not Encrypted in Transit" to "query(CloudFormation): ecs cluster not encrypted at rest should be ecs task efs volume attachment not encrypted in transit" May 30, 2024
@adamjkeller adamjkeller changed the title from "query(CloudFormation): ecs cluster not encrypted at rest should be ecs task efs volume attachment not encrypted in transit" to "query(cloudFormation): ecs cluster not encrypted at rest should be ecs task efs volume attachment not encrypted in transit" May 30, 2024
@adamjkeller adamjkeller changed the title from "query(cloudFormation): ecs cluster not encrypted at rest should be ecs task efs volume attachment not encrypted in transit" to "query(cloudformation): ecs cluster not encrypted at rest should be ecs task efs volume attachment not encrypted in transit" May 30, 2024
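
The check described in the issue, sketched as an added example (this is not the KICS query and not code from the issue): it inspects `AWS::ECS::TaskDefinition` volumes, never the `AWS::ECS::Cluster` resource. The template, resource names, file system IDs and the function name are constructed for illustration.

```python
import json

# Constructed sample template in CloudFormation JSON form (not from the KICS repository).
TEMPLATE = json.loads("""
{
  "Resources": {
    "Cluster": {"Type": "AWS::ECS::Cluster"},
    "PlainTask": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "data", "EFSVolumeConfiguration": {"FilesystemId": "fs-EXAMPLE1"}}
      ]}
    },
    "TlsTask": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "data", "EFSVolumeConfiguration":
          {"FilesystemId": "fs-EXAMPLE2", "TransitEncryption": "ENABLED"}},
        {"Name": "scratch"}
      ]}
    }
  }
}
""")


def efs_volumes_without_transit_encryption(template):
    """Return (resource, volume) pairs whose EFS mount is not encrypted in transit."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        # Only task definitions carry EFS volume settings; a cluster has none.
        if res.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        for vol in res.get("Properties", {}).get("Volumes", []):
            efs = vol.get("EFSVolumeConfiguration")
            if efs is None:
                continue  # not an EFS volume, out of scope for this check
            # An omitted TransitEncryption defaults to DISABLED.
            if efs.get("TransitEncryption", "DISABLED") != "ENABLED":
                findings.append((name, vol.get("Name")))
    return findings


if __name__ == "__main__":
    for resource, volume in efs_volumes_without_transit_encryption(TEMPLATE):
        print(f"{resource}: EFS volume '{volume}' is not encrypted in transit")
```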