Ensure AWS MemoryDB is encrypted at rest by AWS' Key Management Service KMS using CMKs
Error: AWS MemoryDB is not encrypted at rest by AWS' Key Management Service KMS using CMKs
Bridgecrew Policy ID: BC_AWS_GENERAL_126
Checkov Check ID: CKV_AWS_201
Severity: LOW
Description
This policy identifies MemoryDB clusters that are encrypted at rest with the default AWS-managed KMS key rather than with a customer managed key (CMK). It is a best practice to use customer managed KMS keys to encrypt your MemoryDB data, because a CMK gives you full control over how your data is encrypted.
Fix - Runtime
TBD
Fix - Buildtime
Terraform
Resource: aws_memorydb_cluster
Arguments: kms_key_arn
resource "aws_memorydb_cluster" "pass" {
  acl_name                 = "open-access"
  name                     = "my-cluster"
  node_type                = "db.t4g.small"
  num_shards               = 2
  security_group_ids       = [aws_security_group.example.id]
  snapshot_retention_limit = 7
  subnet_group_name        = aws_memorydb_subnet_group.example.id
  kms_key_arn              = aws_kms_key.example.arn
}
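The following is an added, standalone re-implementation of the CKV_AWS_201 logic that scans parsed Terraform resources for a missing or empty kms_key_arn; it is not Checkov's own code. It assumes Checkov's convention of handing each resource block to a check as a dict whose attribute values are wrapped in lists, and the sample resources are constructed for this example.

```python
"""Standalone re-implementation of the CKV_AWS_201 logic (added example, not
Checkov's own code). Assumes Checkov's parsed form: each resource block is a
dict whose attribute values are wrapped in lists, e.g. {"kms_key_arn": ["..."]}."""
from enum import Enum

class CheckResult(Enum):
    PASSED = "PASSED"
    FAILED = "FAILED"

def check_memorydb_cmk(conf: dict) -> CheckResult:
    """PASSED when an aws_memorydb_cluster sets a non-empty kms_key_arn."""
    values = conf.get("kms_key_arn")
    if not values:
        return CheckResult.FAILED
    arn = values[0]
    # An empty or null value behaves like omitting the argument: MemoryDB then
    # falls back to the AWS-managed default key, which this policy flags.
    if not isinstance(arn, str) or not arn.strip():
        return CheckResult.FAILED
    return CheckResult.PASSED

def scan_resources(resources: dict) -> dict:
    """Evaluate every aws_memorydb_cluster in a {"type.name": conf} map."""
    return {
        name: check_memorydb_cmk(conf)
        for name, conf in resources.items()
        if name.startswith("aws_memorydb_cluster.")
    }

# Constructed sample: the page's "pass" cluster plus one that relies on the
# default AWS-managed key, and an unrelated resource the scan must skip.
SAMPLE_RESOURCES = {
    "aws_memorydb_cluster.pass": {
        "name": ["my-cluster"],
        "node_type": ["db.t4g.small"],
        "kms_key_arn": ["aws_kms_key.example.arn"],
    },
    "aws_memorydb_cluster.fail": {
        "name": ["my-cluster-default-key"],
        "node_type": ["db.t4g.small"],
    },
    "aws_kms_key.example": {"deletion_window_in_days": [10]},
}

if __name__ == "__main__":
    for resource, result in scan_resources(SAMPLE_RESOURCES).items():
        print(f"{resource}: {result.value}")
```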