Ensure RedShift Cluster is encrypted by KMS using a customer managed Key
Error: AWS Redshift Cluster not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_108
Checkov Check ID: CKV_AWS_188
Severity: LOW
Description
This check verifies that the Redshift cluster encrypts its storage with a customer managed AWS KMS key rather than the AWS-managed default. Setting encrypted = true on its own encrypts the cluster with the AWS-managed aws/redshift key, which you cannot control; a customer managed key gives you ownership of the key policy, rotation and CloudTrail visibility into key use. To resolve, set kms_key_id to the ARN of your own KMS key when creating the cluster (encryption cannot be switched to a different key without migrating the cluster, so choose the key up front).
Fix - Buildtime
Terraform
- Resource: aws_redshift_cluster
- Argument: kms_key_id. The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true.
resource "aws_redshift_cluster" "pass" {
cluster_identifier = "examplea"
availability_zone = data.aws_availability_zones.available.names[0]
database_name = "mydb"
master_username = "foo_test"
master_password = "Mustbe8characters"
node_type = "dc2.large"
automated_snapshot_retention_period = 0
allow_version_upgrade = false
skip_final_snapshot = true
encrypted = true
+ kms_key_id = aws_kms_key.test.arn
}
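The page's passing snippet references aws_kms_key.test without defining it. The following is an added example, not code from the original page or from Bridgecrew/Checkov, that shows the customer managed key itself next to a cluster that fails CKV_AWS_188 (encrypted with the AWS-managed key) and one that passes. The resource names, the alias, the variable and the data sources are assumptions chosen for illustration.

```hcl
# Added example (not from the original page): a customer managed KMS key plus a
# failing and a passing Redshift cluster for CKV_AWS_188. Resource names, the
# alias, the variable and the data sources are assumptions for illustration.

data "aws_caller_identity" "current" {}
data "aws_availability_zones" "available" {}

# Never hard-code the master password in the configuration.
variable "master_password" {
  type      = string
  sensitive = true
}

# Customer managed key: you own the key policy and can turn on rotation,
# neither of which is possible with the AWS-managed aws/redshift key.
resource "aws_kms_key" "redshift" {
  description             = "CMK for Redshift cluster storage encryption"
  deletion_window_in_days = 30
  enable_key_rotation     = true

  # Minimal key policy: the account root principal keeps the key manageable;
  # scope further via IAM policies on the identities that create clusters.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "AllowAccountAdministration"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
        Action    = "kms:*"
        Resource  = "*"
      }
    ]
  })
}

resource "aws_kms_alias" "redshift" {
  name          = "alias/redshift-cluster"
  target_key_id = aws_kms_key.redshift.key_id
}

# FAILS CKV_AWS_188: the cluster is encrypted, but because kms_key_id is not
# set Redshift uses the AWS-managed aws/redshift key.
resource "aws_redshift_cluster" "fail" {
  cluster_identifier  = "examplea-fail"
  availability_zone   = data.aws_availability_zones.available.names[0]
  database_name       = "mydb"
  master_username     = "foo_test"
  master_password     = var.master_password
  node_type           = "dc2.large"
  encrypted           = true
  skip_final_snapshot = true
}

# PASSES CKV_AWS_188: encrypted = true together with the ARN of the customer
# managed key defined above. kms_key_id requires encrypted = true.
resource "aws_redshift_cluster" "pass" {
  cluster_identifier  = "examplea-pass"
  availability_zone   = data.aws_availability_zones.available.names[0]
  database_name       = "mydb"
  master_username     = "foo_test"
  master_password     = var.master_password
  node_type           = "dc2.large"
  encrypted           = true
  kms_key_id          = aws_kms_key.redshift.arn
  skip_final_snapshot = true
}
```

Run checkov -d . --check CKV_AWS_188 in the directory holding this configuration to see the fail and pass results side by side. Keep in mind that this is a static check of the Terraform source: it confirms that kms_key_id is set, but it cannot tell whether the referenced key has a sensible key policy or rotation enabled, so review the aws_kms_key resource separately.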