Ensure AWS Code Artifact Domain is encrypted by KMS using a Customer Managed Key (CMK)

Error: AWS Code Artifact Domain is not encrypted by KMS using a Customer Managed Key (CMK)

Bridgecrew Policy ID: BC_AWS_GENERAL_127
Checkov Check ID: CKV_AWS_221
Severity: LOW

Description

This policy identifies Code Artifact Domains that are encrypted with default KMS keys rather than with customer managed keys. Encrypting your Code Artifact Domain data with a customer managed KMS key is a best practice because it gives you full control over the encrypted data.

Fix - Runtime

TBD

Fix - Buildtime

Terraform

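# Customer managed key referenced by the domain below
resource "aws_kms_key" "example" {
  description = "CodeArtifact domain encryption key"
}

# Passes the check: encryption_key is set to the customer managed key
resource "aws_codeartifact_domain" "pass" {
  domain         = "example"
  encryption_key = aws_kms_key.example.arn
  tags = {
    "key" = "value"
  }
}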
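
The same build-time test can be run in CI against a plan file. The following is an added example, not Checkov's or Bridgecrew's own code: it reads the `configuration` section of `terraform show -json` output rather than the planned values, because the ARN of a key created in the same plan is unknown until apply. The function name `domains_without_cmk` and the sample plan are constructed for illustration.

```python
import json

# Constructed sample: trimmed `terraform show -json` plan output (not from the page).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "aws_codeartifact_domain.pass", "mode": "managed", "type": "aws_codeartifact_domain",
     "expressions": {"domain": {"constant_value": "example"},
                     "encryption_key": {"references": ["aws_kms_key.example.arn", "aws_kms_key.example"]}}},
    {"address": "aws_codeartifact_domain.fail", "mode": "managed", "type": "aws_codeartifact_domain",
     "expressions": {"domain": {"constant_value": "legacy"}}}
  ],
  "module_calls": {"pkgs": {"module": {"resources": [
    {"address": "aws_codeartifact_domain.nested", "mode": "managed", "type": "aws_codeartifact_domain",
     "expressions": {"domain": {"constant_value": "nested"}}}
  ]}}}
}}}
""")


def domains_without_cmk(plan):
    """Return addresses of aws_codeartifact_domain resources with no encryption_key set."""
    findings = []

    def walk(module, prefix):
        for res in module.get("resources", []):
            if res.get("type") != "aws_codeartifact_domain" or res.get("mode") != "managed":
                continue
            # "Set" means the configuration carries a reference (e.g. aws_kms_key.x.arn)
            # or a non-empty constant; a missing or null expression fails the check.
            expr = res.get("expressions", {}).get("encryption_key")
            is_set = bool(expr) and (bool(expr.get("references")) or bool(expr.get("constant_value")))
            if not is_set:
                findings.append(prefix + res["address"])
        for name, call in module.get("module_calls", {}).items():
            walk(call.get("module", {}), f"{prefix}module.{name}.")

    walk(plan.get("configuration", {}).get("root_module", {}), "")
    return sorted(findings)


if __name__ == "__main__":
    for address in domains_without_cmk(SAMPLE_PLAN):
        print(f"FAIL: {address} has no encryption_key (default KMS key will be used)")
```

A constant ARN passes this check without proof that the key is customer managed; confirming that requires looking the key up in KMS.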