CodeBuild build artifacts encryption should not be disabled
- GG_ID: GG_IAC_0029
- Severity: HIGH
- Complexity: LOW
- Categories: DATA, PERMISSION
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
# Description
CodeBuild uses artifacts such as a cache, logs, exported raw test report data files, and build results. These should always be encrypted to protect the data if access is compromised.
# Impact
An attacker who gains access to the AWS account could read the CodeBuild build artifacts.
# Remediation guidelines
Do not disable the CodeBuild build artifacts encryption.
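
The setting as it would appear in Terraform, with the non-compliant form beside the corrected one. This is an added example, not code from the policy page or its vendor; it assumes the Terraform AWS provider's `aws_codebuild_project` resource, and the project names, bucket, repository URL and role ARN are constructed placeholders.

```hcl
# Constructed example: names, bucket, repository and role ARN are placeholders.

# Non-compliant: encryption of build output artifacts is explicitly turned off.
resource "aws_codebuild_project" "weak" {
  name         = "example-build-weak"
  service_role = "arn:aws:iam::111122223333:role/example-codebuild-role"

  artifacts {
    type                = "S3"
    location            = "example-artifact-bucket"
    encryption_disabled = true # artifacts are written unencrypted
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "aws/codebuild/standard:7.0"
    type         = "LINUX_CONTAINER"
  }

  source {
    type     = "GITHUB"
    location = "https://github.com/example-org/example-repo.git"
  }
}

# Compliant: encryption stays enabled. Omitting encryption_disabled has the
# same effect, because the provider defaults it to false.
resource "aws_codebuild_project" "hardened" {
  name         = "example-build-hardened"
  service_role = "arn:aws:iam::111122223333:role/example-codebuild-role"

  artifacts {
    type                = "S3"
    location            = "example-artifact-bucket"
    encryption_disabled = false
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = "aws/codebuild/standard:7.0"
    type         = "LINUX_CONTAINER"
  }

  source {
    type     = "GITHUB"
    location = "https://github.com/example-org/example-repo.git"
  }
}
```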