Artifact Encryption Should Be Enabled CodeBuild Project
More Info:
This rule verifies whether encryption is enabled for all artifacts of an AWS CodeBuild project. Enabling encryption for artifacts helps protect sensitive data stored in the artifacts from unauthorized access or tampering. It ensures that artifacts are encrypted while stored, providing an additional layer of security.
Risk Level
Medium
Address
Security
Compliance Standards
CBP,SEBI,RBI_UCB
Remediation
Using Console
To remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project, you can follow these steps using the AWS Management Console:
-
Open the AWS Management Console: Go to the AWS Management Console (https://aws.amazon.com/console/).
-
Navigate to CodeBuild: Click on the “Services” dropdown menu at the top of the page, then select “CodeBuild” under the Developer Tools section.
-
Select the CodeBuild Project: From the CodeBuild dashboard, select the CodeBuild project for which you want to enable artifact encryption by clicking on the project name.
-
Edit the Project Settings: In the CodeBuild project details page, click on the “Edit” button in the top right corner to modify the project settings.
-
Enable Artifact Encryption: Scroll down to the “Artifacts” section in the project settings, and check the box next to “Encryption”. This will enable artifact encryption for the CodeBuild project.
-
Save the Changes: After enabling artifact encryption, scroll to the bottom of the page and click on the “Save” button to apply the changes to the CodeBuild project.
-
Verify Encryption Configuration: Once the changes are saved, it’s a good practice to verify that artifact encryption is indeed enabled for the CodeBuild project. You can do this by running a test build and checking the artifact encryption settings.
By following these steps, you can remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project using the AWS Management Console.
Using CLI
To remediate the misconfiguration of enabling artifact encryption for an AWS CodeBuild project using the AWS CLI, you can follow these steps:
-
Enable artifact encryption for the CodeBuild project:
Run the following AWS CLI command to update the CodeBuild project configuration and enable artifact encryption:
Replace
<project-name>with the name of your CodeBuild project and<encryption-key-arn>with the ARN of the KMS key to be used for artifact encryption. -
Verify artifact encryption is enabled:
To confirm that artifact encryption is enabled for the CodeBuild project, you can describe the project using the following AWS CLI command:
Ensure that the
artifactsEncryptionEnabledproperty is set totruein the output.
By following these steps, you can successfully remediate the misconfiguration of enabling artifact encryption for an AWS CodeBuild project using the AWS CLI.
Using Python
To remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project using Python, you can follow these steps:
- Import the necessary Python libraries:
- Initialize the AWS CodeBuild client:
- Get the list of existing CodeBuild projects:
- For each project, check if artifact encryption is enabled. If not, update the project configuration to enable artifact encryption:
Replace 'arn:aws:kms:us-east-1:123456789012:key/your-kms-key-id' with the ARN of the KMS key you want to use for artifact encryption.
- Run the Python script to enable artifact encryption for all CodeBuild projects that do not have it enabled.
By following these steps, you can remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project using Python.