Ensure AWS RedShift Cluster is encrypted by Key Management Service (KMS) using a Customer Managed Key (CMK)
Error: AWS RedShift Cluster is not encrypted by Key Management Service (KMS) using a Customer Managed Key (CMK)
Bridgecrew Policy ID: BC_AWS_GENERAL_131
Checkov Check ID: CKV_AWS_188
Severity: LOW
Description
This policy identifies RedShift clusters that are encrypted with the default AWS-managed KMS key rather than with a customer managed key (CMK). It is a best practice to encrypt your RedShift cluster data with a customer managed KMS key, because it gives you full control over the encrypted data.
Fix - Runtime
TBD
Fix - Buildtime
Terraform
Resource: aws_redshift_cluster
Arguments: encrypted, kms_key_id
resource "aws_redshift_cluster" "pass" {
  cluster_identifier                  = "examplea"
  availability_zone                   = data.aws_availability_zones.available.names[0]
  database_name                       = "mydb"
  master_username                     = "foo_test"
  master_password                     = "Mustbe8characters"
  node_type                           = "dc2.large"
  automated_snapshot_retention_period = 0
  allow_version_upgrade               = false
  skip_final_snapshot                 = true

  # Both arguments are needed for the check to pass: encryption turned on,
  # and a customer managed key instead of the default AWS-managed Redshift key.
  encrypted  = true
  kms_key_id = aws_kms_key.test.arn
}
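The rule behind this check, written out as a small evaluator that can be run over parsed aws_redshift_cluster blocks. This is an added illustration, not Checkov's own implementation of CKV_AWS_188; the sample resources below are constructed and the key reference is a placeholder.

```python
# Added example (not Checkov's own check code): a minimal evaluator for the
# rule behind CKV_AWS_188, run over constructed aws_redshift_cluster blocks.
from typing import Any, Dict

PASSED, FAILED = "PASSED", "FAILED"


def _first(value: Any) -> Any:
    # Terraform parsers often wrap each attribute value in a one-element list;
    # unwrap it so the same logic handles both shapes.
    if isinstance(value, list) and len(value) == 1:
        return value[0]
    return value


def evaluate_redshift_cmk(conf: Dict[str, Any]) -> str:
    """Return PASSED only when the cluster is encrypted *and* names a KMS key.

    A cluster with encrypted = true but no kms_key_id falls back to the
    AWS-managed Redshift key, which is exactly what this policy flags.
    """
    encrypted = _first(conf.get("encrypted", False))
    if isinstance(encrypted, str):
        encrypted = encrypted.lower() == "true"
    kms_key_id = _first(conf.get("kms_key_id"))
    if not encrypted:
        return FAILED
    if not isinstance(kms_key_id, str) or not kms_key_id.strip():
        return FAILED
    return PASSED


# Constructed sample resources (the key reference is a placeholder, not a real ARN).
UNENCRYPTED = {"cluster_identifier": ["examplea"], "node_type": ["dc2.large"]}
DEFAULT_KEY = {"cluster_identifier": ["examplea"], "encrypted": [True]}
CMK = {
    "cluster_identifier": ["examplea"],
    "encrypted": [True],
    "kms_key_id": ["${aws_kms_key.test.arn}"],
}


def scan(resources: Dict[str, Dict[str, Any]]) -> Dict[str, str]:
    """Evaluate every aws_redshift_cluster block and map its name to a result."""
    return {name: evaluate_redshift_cmk(conf) for name, conf in resources.items()}


if __name__ == "__main__":
    samples = {"unencrypted": UNENCRYPTED, "default_key": DEFAULT_KEY, "cmk": CMK}
    for name, result in scan(samples).items():
        print(f"{name}: {result}")
```

Note that the middle case (encrypted = true without kms_key_id) is the one a reviewer most easily misses, since the cluster is encrypted, just not with a customer managed key.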