> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Artifact Encryption Should Be Enabled CodeBuild Project

### More Info:

This rule verifies whether encryption is enabled for all artifacts of an AWS CodeBuild project. Enabling encryption for artifacts helps protect sensitive data stored in the artifacts from unauthorized access or tampering. It ensures that artifacts are encrypted while stored, providing an additional layer of security.

### Risk Level

Medium

### Address

Security

### Compliance Standards

CBP,SEBI,RBI\_UCB

### Remediation

#### Using Console

To remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project, you can follow these steps using the AWS Management Console:

1. **Open the AWS Management Console**: Go to the AWS Management Console ([https://aws.amazon.com/console/](https://aws.amazon.com/console/)).

2. **Navigate to CodeBuild**: Click on the "Services" dropdown menu at the top of the page, then select "CodeBuild" under the Developer Tools section.

3. **Select the CodeBuild Project**: From the CodeBuild dashboard, select the CodeBuild project for which you want to enable artifact encryption by clicking on the project name.

4. **Edit the Project Settings**: In the CodeBuild project details page, click on the "Edit" button in the top right corner to modify the project settings.

5. **Enable Artifact Encryption**: Scroll down to the "Artifacts" section in the project settings, and check the box next to "Encryption". This will enable artifact encryption for the CodeBuild project.

6. **Save the Changes**: After enabling artifact encryption, scroll to the bottom of the page and click on the "Save" button to apply the changes to the CodeBuild project.

7. **Verify Encryption Configuration**: Once the changes are saved, it's a good practice to verify that artifact encryption is indeed enabled for the CodeBuild project. You can do this by running a test build and checking the artifact encryption settings.

By following these steps, you can remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project using the AWS Management Console.

#### Using CLI

To remediate the misconfiguration of enabling artifact encryption for an AWS CodeBuild project using the AWS CLI, you can follow these steps:

1. **Enable artifact encryption for the CodeBuild project**:

   Run the following AWS CLI command to update the CodeBuild project configuration and enable artifact encryption:

   ```bash theme={null}
   aws codebuild update-project --name <project-name> --encryptionKey <encryption-key-arn> --artifactsEncryptionEnabled true
   ```

   Replace `<project-name>` with the name of your CodeBuild project and `<encryption-key-arn>` with the ARN of the KMS key to be used for artifact encryption.

2. **Verify artifact encryption is enabled**:

   To confirm that artifact encryption is enabled for the CodeBuild project, you can describe the project using the following AWS CLI command:

   ```bash theme={null}
   aws codebuild describe-projects --names <project-name>
   ```

   Ensure that the `artifactsEncryptionEnabled` property is set to `true` in the output.

By following these steps, you can successfully remediate the misconfiguration of enabling artifact encryption for an AWS CodeBuild project using the AWS CLI.

#### Using Python

To remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project using Python, you can follow these steps:

1. Import the necessary Python libraries:

```python theme={null}
import boto3
```

2. Initialize the AWS CodeBuild client:

```python theme={null}
codebuild_client = boto3.client('codebuild')
```

3. Get the list of existing CodeBuild projects:

```python theme={null}
response = codebuild_client.list_projects()
projects = response['projects']
```

4. For each project, check if artifact encryption is enabled. If not, update the project configuration to enable artifact encryption:

```python theme={null}
for project_name in projects:
    project = codebuild_client.batch_get_projects(names=[project_name])['projects'][0]
    
    if not project.get('encryptionKey'):
        project['encryptionKey'] = 'arn:aws:kms:us-east-1:123456789012:key/your-kms-key-id'
        
        codebuild_client.update_project(
            name=project_name,
            encryptionKey=project['encryptionKey']
        )
```

Replace `'arn:aws:kms:us-east-1:123456789012:key/your-kms-key-id'` with the ARN of the KMS key you want to use for artifact encryption.

5. Run the Python script to enable artifact encryption for all CodeBuild projects that do not have it enabled.

By following these steps, you can remediate the misconfiguration of artifact encryption not being enabled for an AWS CodeBuild project using Python.
