Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ebs_attached_volume_encryption_enabled should validate all EBS volume without where condition Closes #503 #504

Merged
merged 2 commits into from
Oct 17, 2022
Merged

ebs_attached_volume_encryption_enabled should validate all EBS volume without where condition Closes #503 #504

merged 2 commits into from
Oct 17, 2022

Conversation

khushboo9024
Copy link
Contributor

Checklist

  • Issue(s) linked

@khushboo9024 khushboo9024 self-assigned this Sep 23, 2022
@cbruno10 cbruno10 linked an issue Sep 23, 2022 that may be closed by this pull request
ebs_attached_volume_encryption_enabled should validate all EBS volume without where condition #503
Closed
cbruno10
cbruno10 requested changes Sep 23, 2022
View reviewed changes
Copy link
Contributor

@cbruno10 cbruno10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@khushboo9024 Please see comment, thanks!

query/ebs/ebs_attached_volume_encryption_enabled.sql Outdated
@@ -2,17 +2,17 @@ select
-- Required Columns
arn as resource,
case
when state != 'in-use' then 'info'
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
when state != 'in-use' then 'info'
when state != 'in-use' then 'skip'

If we're not evaluating them, should it be in skip state instead? What does the original query/config rule say about evaluating unattached volumes (or doesn't say)?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cbruno10 this is what it says below; non-attached ones we can skip

This control checks whether the EBS volumes that are in an attached state are encrypted. To pass this check, EBS volumes must be in use and encrypted. If the EBS volume is not attached, then it is not subject to this check.

Base automatically changed from release/v0.48 to main September 24, 2022 01:27
@misraved misraved changed the base branch from main to release/v0.49 October 17, 2022 06:39
rajlearner17
rajlearner17 approved these changes Oct 17, 2022
View reviewed changes
Copy link
Contributor

@rajlearner17 rajlearner17 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@misraved misraved merged commit 7e573aa into release/v0.49 Oct 17, 2022
@misraved misraved deleted the issue-503 branch October 17, 2022 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cbruno10 cbruno10 cbruno10 requested changes

@misraved misraved misraved approved these changes

@rajlearner17 rajlearner17 rajlearner17 approved these changes

Assignees

@khushboo9024 khushboo9024

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ebs_attached_volume_encryption_enabled should validate all EBS volume without where condition
4 participants
@khushboo9024 @cbruno10 @rajlearner17 @misraved