Ensure Kinesis Video Stream is encrypted by KMS using a customer managed Key (CMK)

Error: [Policy Title]
Bridgecrew Policy ID: BC_AWS_GENERAL_97
Checkov Check ID: CKV_AWS_177
Severity: TBD

[Policy Title]

Description

This is a simple check to ensure that Kinesis Video Stream is using AWS key management - KMS to encrypt its contents. To resolve add the ARN of your KMS or link on creation of the cluster.

Fix - Buildtime

Terraform

  • Resource: aws_kinesis_video_stream
  • Attribute: kms_key_id - (Optional) The ID of the AWS Key Management Service (AWS KMS) key that you want Kinesis Video Streams to use to encrypt stream data. If no key ID is specified, the default, Kinesis Video-managed key (aws/kinesisvideo) is used.
resource "aws_kinesis_video_stream" "default" {
  name                    = "terraform-kinesis-video-stream"
  data_retention_in_hours = 1
  device_name             = "kinesis-video-device-name"
  media_type              = "video/h264"
  + kms_ke_id							  = "ckv_kms"
  tags = {
    Name = "terraform-kinesis-video-stream"
  }
}