Ensure FSX Windows filesystem is encrypted by KMS using a customer managed Key (CMK)
Error: AWS FSX Windows filesystem not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_99
Checkov Check ID: CKV_AWS_179
Severity: TBD
AWS FSX Windows filesystem not encrypted using Customer Managed Key
Description
This is a simple check to ensure that FSX Windows file system is using AWS key management - KMS to encrypt its contents. To resolve add the ARN of your KMS or link on creation of the cluster
Fix - Buildtime
Terraform
- Resource: aws_fsx_windows_file_system
- Attribute: kms_key_id
resource "aws_fsx_windows_file_system" "example" {
active_directory_id = aws_directory_service_directory.example.id
kms_key_id = aws_kms_key.example.arn
storage_capacity = 300
subnet_ids = [aws_subnet.example.id]
throughput_capacity = 1024
}
Updated about 1 year ago