Ensure AWS Appsync API Cache is encrypted at rest
Error: AWS Appsync API Cache is not encrypted at rest
Bridgecrew Policy ID: BC_AWS_GENERAL_156
Checkov Check ID: CKV_AWS_214
Severity: LOW
AWS Appsync API Cache is not encrypted at rest
Description
Encryption of data at rest is a security feature that helps prevent unauthorized access to your data. The feature uses AWS Key Management Service (AWS KMS) to store and manage your encryption keys and the Advanced Encryption Standard algorithm with 256-bit keys (AES-256) to perform the encryption. If enabled, the feature encrypts the domain's: indices, logs, swap files, all data in the application directory, and automated snapshots.
We recommend you implement encryption at rest in order to protect a data store containing sensitive information from unauthorized access, and fulfill compliance requirements.
Fix - Runtime
Fix - Buildtime
resource "aws_appsync_api_cache" "pass" {
api_id = aws_appsync_graphql_api.default.id
transit_encryption_enabled = true
at_rest_encryption_enabled = true
ttl = 60
type = "SMALL"
api_caching_behavior = "FULL_REQUEST_CACHING"
}
Updated 6 months ago