Ensure AWS EBS Volume is encrypted by Key Management Service (KMS) using a Customer Managed Key (CMK)
Error: AWS EBS Volume is not encrypted by Key Management Service (KMS) using a Customer Managed Key (CMK)
Bridgecrew Policy ID: BC_AWS_GENERAL_147
Checkov Check ID: CKV_AWS_212
Severity: LOW
Description
This policy identifies Elastic Block Store (EBS) volumes that are encrypted with the default AWS-managed KMS key rather than with a customer managed key (CMK). It is a best practice to encrypt EBS volumes with a customer managed KMS key, because a CMK gives you full control over the key's policy, rotation, and revocation, and therefore over who can read the encrypted data.
Fix - Runtime
TBD
Fix - Buildtime
Terraform
Resource: aws_ebs_volume
Arguments: kms_key_id
```hcl
resource "aws_ebs_volume" "pass" {
  availability_zone = data.aws_availability_zones.available.names[0]
  size              = 1
  encrypted         = true
  kms_key_id        = aws_kms_key.test.arn
  tags = {
    Name = "taggy"
  }
}
```
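As an added illustration, not Checkov's own code, the following Python function re-implements the decision this check makes on the Checkov-style attribute config of an `aws_ebs_volume` resource. It goes slightly beyond the single passing resource above by also failing a volume whose `kms_key_id` points at the AWS-managed `alias/aws/ebs` key; `scan_ebs_volume`, `scan_all` and the `SAMPLE_VOLUMES` fixtures are constructed for this example.

```python
"""Hypothetical re-implementation of the CKV_AWS_212 decision logic (not Checkov's code)."""
from enum import Enum
from typing import Any


class CheckResult(Enum):
    PASSED = "PASSED"
    FAILED = "FAILED"


# Constructed markers: a kms_key_id naming the AWS-managed alias (bare or in ARN form) is not a CMK.
AWS_MANAGED_KEY_MARKERS = ("alias/aws/",)


def _first(conf: dict[str, Any], key: str) -> Any:
    """Checkov stores each attribute as a one-element list; return the scalar or None."""
    value = conf.get(key)
    if isinstance(value, list):
        return value[0] if value else None
    return value


def scan_ebs_volume(conf: dict[str, Any]) -> CheckResult:
    """PASSED only when the volume is encrypted with a key the customer manages."""
    if _first(conf, "encrypted") not in (True, "true"):
        return CheckResult.FAILED  # not encrypted at all
    key = _first(conf, "kms_key_id")
    if not isinstance(key, str) or not key.strip():
        # encrypted = true with no kms_key_id falls back to the account's default EBS key
        return CheckResult.FAILED
    if any(marker in key for marker in AWS_MANAGED_KEY_MARKERS):
        return CheckResult.FAILED  # alias/aws/ebs is AWS-managed, not a CMK
    return CheckResult.PASSED  # literal ARN or an unresolved ${aws_kms_key...} reference


# Constructed sample resources in the attribute format Checkov hands to a check.
SAMPLE_VOLUMES = {
    "unencrypted": {"availability_zone": ["us-east-1a"], "size": [1]},
    "default_key": {"availability_zone": ["us-east-1a"], "size": [1], "encrypted": [True]},
    "aws_managed_alias": {"size": [1], "encrypted": [True], "kms_key_id": ["alias/aws/ebs"]},
    "cmk_reference": {"size": [1], "encrypted": [True], "kms_key_id": ["${aws_kms_key.test.arn}"]},
}


def scan_all(volumes: dict[str, dict[str, Any]]) -> dict[str, str]:
    """Evaluate every sample resource and return a name -> PASSED/FAILED map."""
    return {name: scan_ebs_volume(conf).value for name, conf in volumes.items()}


if __name__ == "__main__":
    for name, verdict in scan_all(SAMPLE_VOLUMES).items():
        print(f"{name:18} {verdict}")
```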