🚀Launch Week 07, January 27th - 31st, 2025🚀
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-alicloud-compliance
Overview
1Dashboards
78Benchmarks
40Queries
2Variables
GitHub

Control: 4.1 Ensure that 'Unattached disks' are encrypted

Description

Ensure that unattached disks in a subscription are encrypted.

Remediation

From Console

  1. Logon to ECS Console.
  2. In the left-side navigation pane, choose Storage & Snapshots > Disk.
  3. In the upper-right corner of the Disks page, click Create Disk.
  4. In the Disk section, check the Disk Encryption box and then select a key from the drop-down list.

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_4_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_4_1 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when encrypted then 'ok'
    else 'alarm'
  end as status,
  case
    when  encrypted then  title || ' encryption enabled.'
    else  title || ' encryption disabled.'
  end as reason
  
  , account_id as account_id, region as region
from
  alicloud_ecs_disk
where
  status = 'Available';

Tags

category = Compliance
cis = true
cis_item_id = 4.1
cis_level = 1
cis_section_id = 4
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/ECS