Skip to content

Detective measure that alerts when an AMI is created that's not encrypted.

License

Notifications You must be signed in to change notification settings

reflexivesecurity/reflex-aws-ec2-ami-not-encrypted

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

reflex-aws-ec2-ami-not-encrypted

A Reflex rule for detecting the creation of unencrypted EC2 AMIs.

To learn more about EC2 AMI encryption, see the AWS Documentation.

Getting Started

To get started using Reflex, check out the Reflex Documentation.

Usage

To use this rule either add it to your reflex.yaml configuration file:

rules:
  aws:
    - detect-ec2-ami-not-encrypted:
        version: latest

or add it directly to your Terraform:

module "detect-ec2-ami-not-encrypted" {
  source            = "git::https://github.com/reflexivesecurity/reflex-aws-ec2-ami-not-encrypted.git?ref=latest"
  sns_topic_arn     = module.central-sns-topic.arn
  reflex_kms_key_id = module.reflex-kms-key.key_id
}

Note: The sns_topic_arn and reflex_kms_key_id example values shown here assume you generated resources with reflex build. If you are using the Terraform on its own you need to provide your own valid values.

Configuration

This rule has no configuration options.

Contributing

If you are interested in contributing, please review our contribution guide.

License

This Reflex rule is made available under the MPL 2.0 license. For more information view the LICENSE