SonarCloud detects encryption problems in your Python+CDK code

Hello,

Some of you are moving away from pure CloudFormation / Terraform files and relying on the AWS Cloud Development Kit (AWS CDK) to define cloud application resources using programming languages.
If you are using Python + CDK, we are happy to announce our second set of rules, focusing on encryption at rest and in transit (the first one was about S3 buckets).

Here is the list of rules:

  • S6319: Using unencrypted SageMaker notebook instances is security-sensitive
  • S4423: Weak SSL/TLS protocols should not be used
  • S6332: Using unencrypted EFS file systems is security-sensitive
  • S6303: Using unencrypted RDS databases is security-sensitive
  • S6308: Using unencrypted OpenSearch domains is security-sensitive
  • S6327: Using unencrypted SNS topics is security-sensitive
  • S6330: Using unencrypted SQS queues is security-sensitive
  • S6275: Using unencrypted EBS volumes is security-sensitive

Next Step?
We are working to cover the same domains already covered by our CloudFormation and Terraform support: Public Access, Network, Firewall, Permission, and Access Control.

Alex
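
To make the rule list above concrete, here is an added example (not from the original post and not SonarCloud's implementation) that walks the AST of a Python CDK stack and reports constructs whose encryption is explicitly switched off. The mapping of constructs and keyword arguments to rule IDs is an assumption made for illustration, and the sample stack is constructed.

```python
import ast

# Assumed mapping (not SonarCloud's rule logic): construct name ->
# (keyword argument controlling encryption at rest, rule id from the list above)
CHECKS = {
    "Volume": ("encrypted", "S6275"),
    "FileSystem": ("encrypted", "S6332"),
    "DatabaseInstance": ("storage_encrypted", "S6303"),
    "Queue": ("encryption", "S6330"),
}

def _disabled(value):
    """True for a literal False or an enum member such as QueueEncryption.UNENCRYPTED."""
    if isinstance(value, ast.Constant):
        return value.value is False
    return isinstance(value, ast.Attribute) and value.attr == "UNENCRYPTED"

def find_unencrypted(source):
    """Return sorted (line, rule, construct) for explicit opt-outs in CDK source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        # ec2.Volume(...) is an Attribute call, a bare Volume(...) is a Name call
        name = getattr(node.func, "attr", None) or getattr(node.func, "id", None)
        if name not in CHECKS:
            continue
        kwarg, rule = CHECKS[name]
        for kw in node.keywords:
            if kw.arg == kwarg and _disabled(kw.value):
                findings.append((node.lineno, rule, name))
    return sorted(findings)

# Constructed sample stack: only parsed, never imported or deployed.
SAMPLE = '''\
from aws_cdk import Stack, Size, aws_ec2 as ec2, aws_efs as efs, aws_sqs as sqs

class DataStack(Stack):
    def __init__(self, scope, id, vpc, **kwargs):
        super().__init__(scope, id, **kwargs)
        ec2.Volume(self, "Scratch", availability_zone="eu-west-1a",
                   size=Size.gibibytes(10), encrypted=False)
        efs.FileSystem(self, "Shared", vpc=vpc, encrypted=True)
        sqs.Queue(self, "Jobs", encryption=sqs.QueueEncryption.UNENCRYPTED)
        sqs.Queue(self, "Audit", encryption=sqs.QueueEncryption.KMS_MANAGED)
'''

if __name__ == "__main__":
    for line, rule, construct in find_unencrypted(SAMPLE):
        print(f"line {line}: {rule} {construct} created with encryption disabled")
```

This sketch only catches explicit opt-outs written as keyword arguments; it does not reason about construct defaults or values passed through variables.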