Ensure AWS EBS Volume is encrypted by Key Management Service (KMS) using a Customer Managed Key (CMK)

Error: AWS EBS Volume is not encrypted by Key Management Service (KMS) using a Customer Managed Key (CMK)

Bridgecrew Policy ID: BC_AWS_GENERAL_147
Checkov Check ID: CKV_AWS_212
Severity: LOW

AWS EBS Volume is not encrypted by Key Management Service (KMS) using a Customer Managed Key (CMK)

Description

This policy identifies Elastic File Systems (EFSs) which are encrypted with default KMS keys and not with Keys managed by Customer. It is a best practice to use customer managed KMS Keys to encrypt your EFS data. It gives you full control over the encrypted data.

Fix - Runtime

TBD

Fix - Buildtime

Terraform

Resource: aws_ebs_volume
Arguments: kms_key_id

resource "aws_ebs_volume" "pass" {
  availability_zone = data.aws_availability_zones.available.names[0]
  size              = 1
  encrypted         = true
  kms_key_id        = aws_kms_key.test.arn

  tags = {
    Name = "taggy"
  }
}

Updated 11 months ago