Ensure AWS Keyspace Table uses Customer Managed Keys (CMKs)
Error: AWS Keyspace Table does not use Customer Managed Keys (CMKs)
Bridgecrew Policy ID: BC_AWS_GENERAL_181
Checkov Check ID: CKV_AWS_265
Severity: LOW
Description
This policy identifies Keyspace tables that are encrypted with default KMS keys rather than with keys managed by the customer. It is a best practice to use customer managed KMS keys to encrypt your Keyspace table data, because this gives you full control over the encrypted data.
Fix - Runtime
TBD
Fix - Buildtime
Terraform
Resource: aws_keyspaces_table
Arguments: encryption_specification.kms_key_identifier
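# aws_keyspaces_keyspace.example and aws_kms_key.example are assumed to be
# defined elsewhere in the same configuration.
resource "aws_keyspaces_table" "pass" {
  keyspace_name = aws_keyspaces_keyspace.example.name
  table_name    = "my_table"

  schema_definition {
    column {
      name = "Message"
      type = "ASCII"
    }

    partition_key {
      name = "Message"
    }
  }

  # Encrypt the table with a customer managed key instead of the default key.
  encryption_specification {
    kms_key_identifier = aws_kms_key.example.arn
    type               = "CUSTOMER_MANAGED_KEY"
  }
}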
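The same condition can be checked against a Terraform plan before it is applied. The Python sketch below is an added example, not Checkov's implementation: it reads `resource_changes` from `terraform show -json` output, and the sample plan, resource names and function names are constructed for illustration. It assumes a `kms_key_identifier` that is only known after apply (a key created in the same plan) counts as set.

```python
import json

# Constructed sample of `terraform show -json <planfile>` output, trimmed to the
# fields this check reads. Resource names are made up for the example.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_keyspaces_table.pass", "type": "aws_keyspaces_table",
   "change": {"actions": ["create"],
     "after": {"encryption_specification": [{"type": "CUSTOMER_MANAGED_KEY"}]},
     "after_unknown": {"encryption_specification": [{"kms_key_identifier": true}]}}},
  {"address": "aws_keyspaces_table.default_key", "type": "aws_keyspaces_table",
   "change": {"actions": ["create"],
     "after": {"encryption_specification": [{"type": "AWS_OWNED_KMS_KEY"}]},
     "after_unknown": {}}},
  {"address": "aws_keyspaces_table.no_block", "type": "aws_keyspaces_table",
   "change": {"actions": ["create"], "after": {}, "after_unknown": {"encryption_specification": true}}},
  {"address": "aws_keyspaces_table.cmk_no_key", "type": "aws_keyspaces_table",
   "change": {"actions": ["update"],
     "after": {"encryption_specification": [{"type": "CUSTOMER_MANAGED_KEY", "kms_key_identifier": ""}]},
     "after_unknown": {}}},
  {"address": "aws_keyspaces_table.old", "type": "aws_keyspaces_table",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}}
]}
""")

def _first(block):
    """Plan JSON renders a single nested block as a one-element list."""
    return block[0] if isinstance(block, list) and block else {}

def uses_cmk(change):
    spec = _first((change.get("after") or {}).get("encryption_specification"))
    unknown = _first((change.get("after_unknown") or {}).get("encryption_specification"))
    if spec.get("type") != "CUSTOMER_MANAGED_KEY":
        return False
    # The ARN of a key created in the same plan is absent from "after" and flagged in "after_unknown".
    return bool(spec.get("kms_key_identifier")) or unknown.get("kms_key_identifier") is True

def failing_tables(plan):
    failing = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "aws_keyspaces_table" or change.get("actions") == ["delete"]:
            continue  # other resource types and pure deletions are out of scope
        if not uses_cmk(change):
            failing.append(rc["address"])
    return failing

if __name__ == "__main__":
    print(failing_tables(SAMPLE_PLAN))
```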
Updated 11 months ago