Ensure AWS SSM Parameter is encrypted

Error: AWS SSM Parameter is not encrypted

Bridgecrew Policy ID: BC_AWS_GENERAL_143
Checkov Check ID: CKV2_AWS_34
Severity: LOW

Description

As a best practice, enable encryption for your AWS SSM Parameter to improve data security without making changes to your business or applications. This check triggers if you have defined a parameter with type = "String". To resolve it, change the type to "SecureString". The parameter will then be encrypted with an AWS managed key, or with a Customer Managed Key (CMK) if you have defined a key_id.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_ssm_parameter" "aws_ssm_parameter_ok" {
  name            = "sample"
  # SecureString stores the value encrypted; this is the line the check looks at.
  type            = "SecureString"
  value           = "test"
  description     = "policy test"
  tier            = "Standard"
  allowed_pattern = ".*"
  data_type       = "text"
}
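
The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's or Bridgecrew's code: it assumes plan JSON in the shape produced by `terraform show -json`, uses a constructed sample plan and hypothetical function names, and goes slightly beyond the check described above by treating every type other than SecureString (including StringList) as unencrypted and by walking child modules.

```python
# Added example: a plan-level check, not Checkov's implementation.
# SAMPLE_PLAN is constructed, in the shape of `terraform show -json` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_ssm_parameter.plain", "mode": "managed",
             "type": "aws_ssm_parameter", "values": {"name": "a", "type": "String"}},
            {"address": "aws_ssm_parameter.secure", "mode": "managed",
             "type": "aws_ssm_parameter",
             "values": {"name": "b", "type": "SecureString", "key_id": "alias/example"}},
            {"address": "data.aws_ssm_parameter.lookup", "mode": "data",
             "type": "aws_ssm_parameter", "values": {"name": "c", "type": "String"}},
        ],
        "child_modules": [{
            "address": "module.app",
            "resources": [
                {"address": "module.app.aws_ssm_parameter.list", "mode": "managed",
                 "type": "aws_ssm_parameter",
                 "values": {"name": "d", "type": "StringList"}},
            ],
        }],
    }}
}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_ssm_parameters(plan):
    """Return one result per managed aws_ssm_parameter in the plan."""
    root = plan.get("planned_values", {}).get("root_module", {})
    results = []
    for res in iter_resources(root):
        # Data sources only read existing parameters; skip them.
        if res.get("type") != "aws_ssm_parameter" or res.get("mode") != "managed":
            continue
        values = res.get("values") or {}
        results.append({
            "address": res["address"],
            "type": values.get("type"),
            "encrypted": values.get("type") == "SecureString",
            # None when key_id is unset or not yet known at plan time.
            "key_id": values.get("key_id"),
        })
    return results

def failing_addresses(plan):
    """Addresses of parameters that would be stored unencrypted."""
    return [r["address"] for r in audit_ssm_parameters(plan) if not r["encrypted"]]
```
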