Ensure AWS SSM Parameter is encrypted
Error: AWS SSM Parameter is not encrypted
Bridgecrew Policy ID: BC_AWS_GENERAL_143
Checkov Check ID: CKV2_AWS_34
Severity: LOW
Description
As a best practice, enable encryption for your AWS SSM Parameter to improve data security without making changes to your business or applications. This check triggers if you have defined a parameter with type = "String". To resolve it, change the type to "SecureString". The parameter will then be encrypted with an AWS managed key, or with a Customer Managed Key (CMK) if you have defined a key_id.
Fix - Runtime
Fix - Buildtime
Terraform
resource "aws_ssm_parameter" "aws_ssm_parameter_ok" {
  name            = "sample"
  # SecureString (not String) is what makes this parameter pass the check
  type            = "SecureString"
  value           = "test"
  description     = "policy test"
  tier            = "Standard"
  allowed_pattern = ".*"
  data_type       = "text"
}
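The description mentions key_id, but the sample above relies on the default key. As an added example (not from the original page), the following contrasts a failing parameter with one encrypted under a customer managed key; the resource names, parameter paths, alias and variable are assumptions.

```hcl
# Constructed example: names, paths, alias and variable are illustrative assumptions.

variable "db_password" {
  description = "Secret supplied at apply time (for example via TF_VAR_db_password)"
  type        = string
  sensitive   = true
}

# Fails CKV2_AWS_34: a String parameter is not encrypted.
resource "aws_ssm_parameter" "db_password_plain" {
  name  = "/app/db/password-plain"
  type  = "String"
  value = var.db_password
}

# Customer managed key used to encrypt the parameter.
resource "aws_kms_key" "ssm" {
  description             = "CMK for SSM SecureString parameters"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_kms_alias" "ssm" {
  name          = "alias/app-ssm-params"
  target_key_id = aws_kms_key.ssm.key_id
}

# Passes: SecureString encrypted with the CMK.
# Omitting key_id falls back to the AWS managed key.
resource "aws_ssm_parameter" "db_password_secure" {
  name   = "/app/db/password"
  type   = "SecureString"
  key_id = aws_kms_key.ssm.arn
  value  = var.db_password
}
```

Principals that read the parameter with decryption need kms:Decrypt on the key, and the value is still written to Terraform state, so the state backend needs its own encryption and access control.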