Ensure AWS Kendra index server side encryption uses Customer Managed Keys (CMKs)

Error: AWS Kendra index server side encryption does not use Customer Managed Keys (CMKs)

Bridgecrew Policy ID: BC_AWS_GENERAL_178
Checkov Check ID: CKV_AWS_262
Severity: LOW

AWS Kendra index server side encryption does not use Customer Managed Keys (CMKs)

Description

This policy identifies Kendra indexes whose server-side encryption uses the default AWS-managed KMS key rather than a customer managed key (CMK). It is a best practice to encrypt your Kendra index data with a customer managed KMS key, because it gives you full control over the key that protects the data and therefore over the encrypted data itself.

Fix - Runtime

TBD

Fix - Buildtime

Terraform

Resource: aws_kendra_index
Arguments: server_side_encryption_configuration.kms_key_id

resource "aws_kendra_index" "pass" {
  name     = "example"
  role_arn = aws_iam_role.this.arn

  # Encrypt the index with a customer managed KMS key instead of the default key
  server_side_encryption_configuration {
    kms_key_id = data.aws_kms_key.this.arn
  }
}
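To see what the buildtime check evaluates, the following is an added, stand-alone Python example (not Checkov's own implementation) that applies the CKV_AWS_262 condition to aws_kendra_index resource configurations; it assumes the nested, list-wrapped attribute shape that Checkov uses for parsed Terraform, and the sample configs are constructed for illustration.

```python
from typing import Any, Dict

# Constructed sample configs in the shape Checkov gives parsed Terraform
# attributes: every value wrapped in a single-element list (an assumption).
PASSING_INDEX = {
    "name": ["example"],
    "role_arn": ["${aws_iam_role.this.arn}"],
    "server_side_encryption_configuration": [
        {"kms_key_id": ["${data.aws_kms_key.this.arn}"]}
    ],
}
# No server_side_encryption_configuration block: the default KMS key is used.
FAILING_NO_BLOCK = {"name": ["example"], "role_arn": ["${aws_iam_role.this.arn}"]}
# Block present but kms_key_id empty: still the default key.
FAILING_EMPTY_KEY = {
    "name": ["example"],
    "server_side_encryption_configuration": [{"kms_key_id": [""]}],
}


def _unwrap(value: Any) -> Any:
    """Unwrap one level of the single-element list Checkov puts around values."""
    return value[0] if isinstance(value, list) and len(value) == 1 else value


def kendra_index_uses_cmk(conf: Dict[str, Any]) -> bool:
    """CKV_AWS_262 condition: a non-empty
    server_side_encryption_configuration.kms_key_id is set on the index."""
    sse = _unwrap(conf.get("server_side_encryption_configuration"))
    if not isinstance(sse, dict):
        return False  # block missing entirely -> default key
    key_id = _unwrap(sse.get("kms_key_id"))
    return isinstance(key_id, str) and key_id.strip() != ""


def scan(resources: Dict[str, Dict[str, Any]]) -> Dict[str, str]:
    """Map each aws_kendra_index resource name to PASSED or FAILED."""
    return {name: "PASSED" if kendra_index_uses_cmk(conf) else "FAILED"
            for name, conf in resources.items()}


if __name__ == "__main__":
    results = scan({"pass": PASSING_INDEX, "fail_no_block": FAILING_NO_BLOCK,
                    "fail_empty_key": FAILING_EMPTY_KEY})
    for name, result in results.items():
        print(f"aws_kendra_index.{name}: {result}")
```

The two failing configs show the cases a scanner must treat alike: the encryption block absent altogether, and the block present with an empty kms_key_id.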