
AWS080.md


Pattern: CodeBuild Project artifacts encryption should not be disabled

Issue: -

Description

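All artifacts produced by your CodeBuild project pipeline should always be encrypted. Build output can contain compiled code and configuration, and setting `encryption_disabled = true` on an `artifacts` or `secondary_artifacts` block turns off encryption for that output.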

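Resolution: Enable encryption for CodeBuild project artifacts. Leave `encryption_disabled` unset or set it to `false` in the `artifacts` block and in every `secondary_artifacts` block.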

Examples

Example of incorrect code:

// Incorrect: the primary artifacts block explicitly disables encryption of
// the build output.
resource "aws_codebuild_project" "bad_example" {
	// other config

	artifacts {
		// other artifacts config

		// This is the setting the check reports. Removing the line or setting it
		// to false keeps the output encrypted.
		encryption_disabled = true
	}
}

// Incorrect: this project is flagged even though its first
// secondary_artifacts block is encrypted, because the second one disables
// encryption. Each secondary_artifacts block needs to be reviewed on its own.
resource "aws_codebuild_project" "bad_example" {
	// other config including primary artifacts

	secondary_artifacts {
		// other artifacts config
		
		// Encrypted output: this block is fine.
		encryption_disabled = false
	}

	secondary_artifacts {
		// other artifacts config

		// Unencrypted output: this single block is enough to fail the check.
		encryption_disabled = true
	}
}

Example of correct code:

// Correct: encryption of the primary artifacts is explicitly left enabled.
resource "aws_codebuild_project" "good_example" {
	// other config

	artifacts {
		// other artifacts config

		// Explicit false documents the intent and guards against a later
		// copy-paste of a disabled block.
		encryption_disabled = false
	}
}

// Correct: encryption_disabled is omitted, so the artifacts block falls back
// to the provider default (false) and the build output stays encrypted.
resource "aws_codebuild_project" "good_example" {
	// other config

	artifacts {
		// other artifacts config
	}
}

// Correct: no secondary_artifacts block disables encryption. One sets the
// flag to false explicitly, the other omits it and relies on the default.
resource "aws_codebuild_project" "codebuild" {
	// other config

	secondary_artifacts {
		// other artifacts config

		// Explicitly encrypted.
		encryption_disabled = false
	}

	secondary_artifacts {
		// other artifacts config
		// encryption_disabled is not set here; the default (false) applies.
	}
}