Ensure EBS Snapshot Copy is encrypted by KMS using a customer managed Key (CMK)
Error: AWS EBS Snapshot Copy not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_103
Checkov Check ID: CKV_AWS_183
Severity: LOW
Description
This check ensures that the EBS snapshot copy uses AWS Key Management Service (KMS) to encrypt its contents. To resolve, add the ARN of your KMS key, or a link to it, when the snapshot copy is created.
Fix - Buildtime
Terraform
- Resource: aws_ebs_snapshot_copy
- Attribute: kms_key_id - The ARN for the KMS encryption key.
resource "aws_ebs_snapshot_copy" "example_copy" {
  source_snapshot_id = aws_ebs_snapshot.example_snapshot.id
  source_region      = "us-west-2"
+ kms_key_id         = "ckv_kms"
  tags = {
    Name = "HelloWorld_copy_snap"
  }
}
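The same condition can be checked against a Terraform plan exported with `terraform show -json`. The script below is an added example, not Checkov's or Bridgecrew's own code; the function names and the sample plan are constructed for illustration, and it goes slightly beyond the snippet above by also walking resources declared inside child modules.

```python
import json

# Constructed sample: trimmed `terraform show -json` plan output (not from the page).
SAMPLE_PLAN = json.loads("""
{
  "planned_values": {
    "root_module": {
      "resources": [
        {"address": "aws_ebs_snapshot_copy.example_copy",
         "type": "aws_ebs_snapshot_copy", "values": {"kms_key_id": "ckv_kms"}},
        {"address": "aws_ebs_snapshot_copy.no_key",
         "type": "aws_ebs_snapshot_copy", "values": {"kms_key_id": null}},
        {"address": "aws_ebs_volume.data", "type": "aws_ebs_volume", "values": {}}
      ],
      "child_modules": [
        {"resources": [
          {"address": "module.backup.aws_ebs_snapshot_copy.dr",
           "type": "aws_ebs_snapshot_copy", "values": {"source_region": "us-west-2"}}
        ]}
      ]
    }
  }
}
""")


def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def snapshot_copies_without_kms_key(plan):
    """Return addresses of aws_ebs_snapshot_copy resources with no kms_key_id."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != "aws_ebs_snapshot_copy":
            continue
        # Absent, null and empty-string values all count as "not set".
        if not (res.get("values") or {}).get("kms_key_id"):
            failing.append(res["address"])
    return failing


if __name__ == "__main__":
    for address in snapshot_copies_without_kms_key(SAMPLE_PLAN):
        print(f"FAIL {address}: kms_key_id not set")
```

Values that are only known after apply are omitted from `planned_values`, so a `kms_key_id` that references a KMS key created in the same plan is reported here as not set and needs a manual review.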