Pattern: CodeBuild Project artifacts encryption should not be disabled
Issue: -
All artifacts produced by your CodeBuild project pipeline should always be encrypted
Resolution: Enable encryption for CodeBuild project artifacts.
Example of incorrect code:
resource "aws_codebuild_project" "bad_example" {
// other config
artifacts {
// other artifacts config
encryption_disabled = true
}
}
resource "aws_codebuild_project" "bad_example" {
// other config including primary artifacts
secondary_artifacts {
// other artifacts config
encryption_disabled = false
}
secondary_artifacts {
// other artifacts config
encryption_disabled = true
}
}Example of correct code:
resource "aws_codebuild_project" "good_example" {
// other config
artifacts {
// other artifacts config
encryption_disabled = false
}
}
resource "aws_codebuild_project" "good_example" {
// other config
artifacts {
// other artifacts config
}
}
resource "aws_codebuild_project" "codebuild" {
// other config
secondary_artifacts {
// other artifacts config
encryption_disabled = false
}
secondary_artifacts {
// other artifacts config
}
}