Ensure Image Builder component is encrypted by KMS using a customer managed Key (CMK)

Error: AWS Image Builder component not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_100
Checkov Check ID: CKV_AWS_180
Severity: LOW

Description

This check ensures that the Image Builder component uses AWS Key Management Service (KMS) to encrypt its contents. To resolve, add the ARN of your KMS key, or a link to it, when creating the component.

Fix - Buildtime

Terraform

  • Resource: aws_imagebuilder_component
  • Attribute: kms_key_id - (Optional) Amazon Resource Name (ARN) of the Key Management Service (KMS) Key used to encrypt the component.

resource "aws_imagebuilder_component" "example" {
  data = yamlencode({
    phases = [{
      name = "build"
      steps = [{
        action = "ExecuteBash"
        inputs = {
          commands = ["echo 'hello world'"]
        }
        name      = "example"
        onFailure = "Continue"
      }]
    }]
    schemaVersion = 1.0
  })
  name       = "example"
  platform   = "Linux"
  version    = "1.0.0"
  # Placeholder value: replace with the ARN of your customer managed KMS key.
  kms_key_id = "ckv_kms"
}
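
The same check can be run against a Terraform plan before apply. The following is an added example, not Checkov's or Bridgecrew's own code: it reads the `resource_changes` section of `terraform show -json` output and handles the case where `kms_key_id` is a reference that is only known after apply. The ARN format test and the AWS managed alias test go beyond the presence check described above; the function names, sample plan, account ID and key ID are constructed for illustration.

```python
import re

# Any KMS ARN; the partition may be aws, aws-cn or aws-us-gov.
KMS_ARN = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:(key|alias)/.+$")

def check_components(plan):
    """Return (address, reason) per failing component in a `terraform show -json` plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_imagebuilder_component":
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue  # being destroyed; "after" is null
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        if unknown.get("kms_key_id") is True:
            continue  # reference such as aws_kms_key.x.arn, known only after apply
        key = after.get("kms_key_id")
        if not key:
            findings.append((rc["address"], "kms_key_id not set"))
        elif not KMS_ARN.match(key):
            findings.append((rc["address"], "kms_key_id is not a KMS ARN"))
        elif ":alias/aws/" in key:
            findings.append((rc["address"], "AWS managed key alias, not a CMK"))
    return findings

def _rc(name, after, unknown=None, actions=("create",)):
    # Hypothetical helper: builds one constructed resource_changes entry.
    return {"address": f"aws_imagebuilder_component.{name}",
            "type": "aws_imagebuilder_component",
            "change": {"actions": list(actions), "after": after,
                       "after_unknown": unknown or {}}}

# Constructed sample plan (account ID, key ID and alias are made up).
SAMPLE_PLAN = {"resource_changes": [
    _rc("no_key", {"name": "a", "kms_key_id": None}),
    _rc("placeholder", {"name": "b", "kms_key_id": "ckv_kms"}),
    _rc("computed", {"name": "c"}, unknown={"kms_key_id": True}),
    _rc("cmk", {"name": "d", "kms_key_id":
        "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}),
    _rc("aws_managed", {"name": "e", "kms_key_id":
        "arn:aws:kms:us-east-1:111122223333:alias/aws/imagebuilder"}),
    _rc("destroyed", None, actions=("delete",)),
]}

if __name__ == "__main__":
    for address, reason in check_components(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

A key ARN that passes here can still belong to an AWS managed key; confirming that it is customer managed requires looking up the key itself.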