Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK)

Error: AWS EBS Snapshot Copy not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_103
Checkov Check ID: CKV_AWS_183
Severity: LOW


Description

This is a simple check to ensure that the EBS Snapshot copy uses AWS Key Management Service (KMS) to encrypt its contents. To resolve, add the ARN of your KMS key, or a link to it, when the snapshot copy is created.

Fix - Buildtime

Terraform

  • Resource: aws_ebs_snapshot_copy
  • Attribute: kms_key_id - The ARN for the KMS encryption key.
resource "aws_ebs_snapshot_copy" "example_copy" {
  source_snapshot_id = aws_ebs_snapshot.example_snapshot.id
  source_region      = "us-west-2"
  # Line added to satisfy the check: the KMS key that encrypts the copy
  kms_key_id         = "ckv_kms"
  tags = {
    Name = "HelloWorld_copy_snap"
  }
}
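The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's or Bridgecrew's own code: it assumes a plan exported with `terraform show -json`, the verdict names are illustrative, and it goes beyond the check described above by also flagging the AWS managed `alias/aws/` keys and by handling a `kms_key_id` that is only known after apply.

```python
"""Flag aws_ebs_snapshot_copy resources in a Terraform plan that lack a customer managed KMS key."""

RESOURCE_TYPE = "aws_ebs_snapshot_copy"

def classify(change):
    """Return a verdict for one resource_changes[].change object."""
    after = change.get("after") or {}
    unknown = change.get("after_unknown") or {}
    key = after.get("kms_key_id")
    if key:
        # AWS managed keys use the reserved alias prefix alias/aws/.
        return "FAIL_AWS_MANAGED_KEY" if "alias/aws/" in key else "PASS"
    if unknown.get("kms_key_id") is True:
        # Set from a key created in the same plan; the value exists only after apply.
        return "PASS_KNOWN_AFTER_APPLY"
    return "FAIL_NO_KMS_KEY"

def scan_plan(plan):
    """Map resource address -> verdict for every snapshot copy being created or updated."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != RESOURCE_TYPE or change.get("actions") == ["delete"]:
            continue
        verdicts[rc["address"]] = classify(change)
    return verdicts

def _rc(name, after, unknown=None, rtype=RESOURCE_TYPE, actions=("create",)):
    """Build one constructed resource_changes entry for the sample below."""
    return {"address": f"{rtype}.{name}", "type": rtype,
            "change": {"actions": list(actions), "after": after,
                       "after_unknown": unknown or {}}}

# Constructed sample in the shape of `terraform show -json` output (not real data).
SAMPLE_PLAN = {"resource_changes": [
    _rc("arn_literal", {"kms_key_id": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"}),
    _rc("key_ref", {}, {"kms_key_id": True}),
    _rc("no_key", {"kms_key_id": None}),
    _rc("default_alias", {"kms_key_id": "alias/aws/ebs"}),
    _rc("removed", None, actions=("delete",)),
    _rc("vol", {}, rtype="aws_ebs_volume"),
]}

if __name__ == "__main__":
    for address, verdict in scan_plan(SAMPLE_PLAN).items():
        print(f"{verdict:24} {address}")
```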