Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)

Error: AWS FSX Windows filesystem not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_99
Checkov Check ID: CKV_AWS_179
Severity: TBD

Description

This check ensures that an FSX Windows file system uses a customer managed key (CMK) in AWS Key Management Service (KMS) to encrypt its contents. To resolve, add the ARN of your KMS key, or a reference to it, when the file system is created.

Fix - Buildtime

Terraform

  • Resource: aws_fsx_windows_file_system
  • Attribute: kms_key_id

resource "aws_fsx_windows_file_system" "example" {
  active_directory_id = aws_directory_service_directory.example.id
  # Customer managed KMS key used to encrypt the file system at rest
  kms_key_id          = aws_kms_key.example.arn
  storage_capacity    = 300
  subnet_ids          = [aws_subnet.example.id]
  throughput_capacity = 1024
}
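
The same rule can be applied to the JSON form of a Terraform plan in a pipeline. The script below is an added example, not Checkov's or Bridgecrew's implementation: it reads the `configuration` section of `terraform show -json` output and reports every `aws_fsx_windows_file_system` whose `kms_key_id` is omitted or empty, including resources inside child modules. The sample plan and its resource names are constructed, and resource addresses under `module_calls` are assumed to be module-relative.

```python
import json

RESOURCE_TYPE = "aws_fsx_windows_file_system"

# Constructed sample: trimmed "configuration" section in the shape emitted by
# `terraform show -json <planfile>`; the resource names are made up.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "aws_fsx_windows_file_system.with_cmk",
     "type": "aws_fsx_windows_file_system",
     "expressions": {"kms_key_id": {"references": ["aws_kms_key.example.arn"]}}},
    {"address": "aws_fsx_windows_file_system.no_key",
     "type": "aws_fsx_windows_file_system",
     "expressions": {"storage_capacity": {"constant_value": 300}}}],
  "module_calls": {"shares": {"module": {"resources": [
    {"address": "aws_fsx_windows_file_system.empty_key",
     "type": "aws_fsx_windows_file_system",
     "expressions": {"kms_key_id": {"constant_value": ""}}}]}}}
}}}
""")


def kms_key_configured(expressions):
    """True if kms_key_id is written in the configuration with a usable value."""
    expr = expressions.get("kms_key_id")
    if expr is None:
        return False                         # attribute omitted entirely
    if expr.get("references"):
        return True                          # e.g. aws_kms_key.example.arn
    return bool(expr.get("constant_value"))  # rejects "" and null


def find_unencrypted(module, prefix=""):
    """Walk a configuration module tree; return addresses that fail the check."""
    failures = [prefix + res["address"] for res in module.get("resources", [])
                if res.get("type") == RESOURCE_TYPE
                and not kms_key_configured(res.get("expressions", {}))]
    for name, call in module.get("module_calls", {}).items():
        failures += find_unencrypted(call.get("module", {}), f"{prefix}module.{name}.")
    return failures


if __name__ == "__main__":
    for address in find_unencrypted(SAMPLE_PLAN["configuration"]["root_module"]):
        print(f"FAIL {address}: kms_key_id is not set")
```

The script reads the configuration rather than the planned values because a `kms_key_id` that refers to a key created in the same plan is not resolved until apply. It confirms only that a key is supplied, not that the key is customer managed.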