Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
Platform
CloudFormation
Provider
AWS
Description
The description of the query does not accurately represent the policy check.
The query checks ECS Task Definitions that have EFS volumes attached, and if so, it will trigger a policy violation if the volume is not encrypted in transit. Given that an ECS Cluster is a managed orchestrator, one can't encrypt the cluster; rather, the user can enable encryption in various ways depending on the resources that the cluster manages (EC2 hosts with EBS volumes, Fargate tasks, etc.).
Recommend a simple rename to "ECS Task EFS Volume Attachment Not Encrypted in Transit".
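
The check described in this issue, sketched in Python as an added example (this is not KICS's own query code): it shows that the finding attaches to the task definition's EFS volume, never to the cluster resource. The template, logical IDs and filesystem ID are constructed, and an omitted `TransitEncryption` is treated as `DISABLED`, which is the CloudFormation default.

```python
import json

# Constructed CloudFormation template (JSON form), for illustration only.
TEMPLATE = json.loads("""
{
  "Resources": {
    "Cluster": {"Type": "AWS::ECS::Cluster"},
    "TaskEncrypted": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "data", "EFSVolumeConfiguration":
          {"FilesystemId": "fs-00000000", "TransitEncryption": "ENABLED"}}
      ]}
    },
    "TaskPlaintext": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "data", "EFSVolumeConfiguration":
          {"FilesystemId": "fs-00000000", "TransitEncryption": "DISABLED"}},
        {"Name": "scratch"}
      ]}
    },
    "TaskDefaulted": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {"Volumes": [
        {"Name": "shared", "EFSVolumeConfiguration": {"FilesystemId": "fs-00000000"}}
      ]}
    }
  }
}
""")


def find_unencrypted_efs_volumes(template):
    """Return (task definition logical ID, volume name) for each EFS volume
    attachment that does not enable encryption in transit."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        # Only task definitions carry EFS volume settings; clusters are skipped.
        if resource.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        for volume in resource.get("Properties", {}).get("Volumes") or []:
            efs = volume.get("EFSVolumeConfiguration")
            if efs is None:
                continue  # not an EFS volume (bind mount, Docker volume, ...)
            # Assumption: anything other than the literal "ENABLED" is a finding,
            # including an omitted key or an unresolved intrinsic function.
            if efs.get("TransitEncryption", "DISABLED") != "ENABLED":
                findings.append((logical_id, volume.get("Name")))
    return findings
```
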