Ensure AWS DLM cross-region events are encrypted

Error: AWS DLM cross-region events are not encrypted

Bridgecrew Policy ID: BC_AWS_GENERAL_161
Checkov Check ID: CKV_AWS_253
Severity: LOW

Description

As a best practice, enable encryption for the snapshot copies that your AWS DLM event-based policies create in other regions. This improves data security without requiring changes to your business processes or applications.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_dlm_lifecycle_policy" "pass" {
  description        = "tf-acc-basic"
  execution_role_arn = aws_iam_role.example.arn

  policy_details {
    policy_type = "EVENT_BASED_POLICY"

    resource_types = []
    target_tags    = {}

    action {
      name = "tf-acc-basic"
      cross_region_copy {
        # Encrypt the copied snapshots; this is the setting CKV_AWS_253 checks for.
        encryption_configuration {
          cmk_arn    = aws_kms_key.test.arn
          encryption = true
        }
        retain_rule {
          interval      = 15
          interval_unit = "MONTHS"
        }
        # The destination region is a required argument of cross_region_copy
        # (example value; use the region the copies should land in).
        target = "us-east-1"
      }
    }

    event_source {
      type = "MANAGED_CWE"
      parameters {
        description_regex = "^.*Created for policy: policy-1234567890abcdef0.*$"
        event_type        = "shareSnapshot"
        snapshot_owner    = [data.aws_caller_identity.current.account_id]
      }
    }
  }
}
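To see how the condition behind this policy can be evaluated against parsed Terraform, here is an added example (written for this page, not taken from Checkov's or Bridgecrew's source). It assumes an aws_dlm_lifecycle_policy resource already parsed into nested dicts and lists, the shape an HCL parser such as python-hcl2 produces, and flags every cross_region_copy block whose encryption_configuration does not set encryption = true; the sample inputs below are constructed.

```python
def _as_list(value):
    """Normalise a block that a parser may emit as a single dict or a list of dicts."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def evaluate_dlm_policy(resource):
    """Return ("PASSED", []) when every cross_region_copy block under an action is
    encrypted, otherwise ("FAILED", [reasons]). Only the event-based action path is
    examined, matching the Terraform fix above."""
    reasons = []
    found = False
    for details in _as_list(resource.get("policy_details")):
        for action in _as_list(details.get("action")):
            for copy in _as_list(action.get("cross_region_copy")):
                found = True
                configs = _as_list(copy.get("encryption_configuration"))
                if not configs:
                    reasons.append("cross_region_copy has no encryption_configuration block")
                    continue
                for cfg in configs:
                    if cfg.get("encryption") is not True:
                        reasons.append(
                            f"encryption_configuration.encryption is {cfg.get('encryption')!r}, expected true"
                        )
    # Design choice for this example: a policy with no cross-region copy has nothing to encrypt.
    if not found or not reasons:
        return ("PASSED", [])
    return ("FAILED", reasons)


# Constructed sample inputs: the passing policy from the fix above and two failing variants.
PASSING = {"policy_details": [{"policy_type": "EVENT_BASED_POLICY", "action": [{
    "name": "tf-acc-basic", "cross_region_copy": [{
        "encryption_configuration": [{"cmk_arn": "${aws_kms_key.test.arn}", "encryption": True}],
        "retain_rule": [{"interval": 15, "interval_unit": "MONTHS"}], "target": "us-east-1"}]}]}]}
UNENCRYPTED = {"policy_details": [{"policy_type": "EVENT_BASED_POLICY", "action": [{
    "name": "tf-acc-basic", "cross_region_copy": [{
        "encryption_configuration": [{"encryption": False}], "target": "us-east-1"}]}]}]}
MISSING_BLOCK = {"policy_details": [{"policy_type": "EVENT_BASED_POLICY", "action": [{
    "name": "tf-acc-basic", "cross_region_copy": [{
        "retain_rule": [{"interval": 15, "interval_unit": "MONTHS"}], "target": "us-east-1"}]}]}]}

if __name__ == "__main__":
    for label, res in (("pass", PASSING), ("unencrypted", UNENCRYPTED), ("missing", MISSING_BLOCK)):
        print(label, evaluate_dlm_policy(res))
```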