v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/alicloud_compliance
Overview
1Dashboards
78Controls
40Queries
2Variables
GitHub

Control: 4.2 Ensure that 'Virtual Machine’s disk' are encrypted

Description

Ensure that disk are encrypted when it is created with the creation of VM instance.

Remediation

From Console

Encrypt a system disk when copying an image in the ECS console by following the below steps:

  1. Logon to ECS Console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. In the top navigation bar, select a region.
  4. On the Images page, click the Custom Image tab.
  5. Select the target image and click Copy Image in the Actions column.
  6. In the Copy Image dialog box, check the Encrypt box and then select a key from the drop-down list.
  7. Click OK.

You can encrypt a data disk when creating an instance by following the below steps:

  1. Logon to ECS Console.
  2. In the left-side navigation pane, choose Instances & Images > Instances.
  3. On the Instances page, click Create Instance.
  4. On the Basic Configurations page, find the Storage section and perform the following steps
    • Click Add Disk.
    • Specify the disk category and capacity of data disk.
    • Select Disk Encryption and then select a key from the drop-down list.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_4_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_4_2 --share

SQL

This control uses a named query:

ecs_disk_encryption_enabled

Tags

category = Compliance
cis = true
cis_item_id = 4.2
cis_level = 1
cis_section_id = 4
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/ECS