AWS Config Rule: CodeBuild Project Artifact Encryption
CODEBUILD_PROJECT_ARTIFACT_ENCRYPTION
Ryan Ware
Last Update 9 months ago
Description: Checks if an AWS CodeBuild project has encryption enabled for all of its artifacts. The rule is NON_COMPLIANT if ‘encryptionDisabled’ is set to ‘true’ for any primary or secondary (if present) artifact configurations.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), China (Ningxia), Europe (Zurich) Region
How to Resolve Manually
To resolve this manually, you will first need to head over to the CodeBuild Dashboard within the AWS Console. From the list on the left hand side, choose Build followed by Build Projects.
From here you will be able to see a list of your CodeBuild Build Projects. Click on one of your Build Projects to see more information on this resource.
At the top of the page, you will see an Edit button which will drop down into a new menu. From these options, choose Artifacts.
Under Additional Configuration within the Edit Artifacts menu, you will be able to configure cache and encryption key for your AWS CodeBuild Artifacts.
The optional configuration allows you to provide an AWS KMS customer key to encrypt this build's output artifacts.
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here
