Ensure Backup Vault is encrypted at rest using KMS CMK
Error: Backup Vault is not encrypted at rest using KMS CMK
Bridgecrew Policy ID: BC_AWS_GENERAL_89
Checkov Check ID: CKV_AWS_166
Severity: MEDIUM
Backup Vault is not encrypted at rest using KMS CMK
Description
TBD
Fix - Buildtime
Terraform
- Resource: aws_backup_vault
- Argument: kms_key_arn
resource "aws_backup_vault" "backup_with_kms_key" {
...
+ kms_key_arn = aws_kms_key.example.arn
}
CloudFormation
- Resource: AWS::Backup::BackupVault
- Argument: Properties.EncryptionKeyArn
Type: AWS::Backup::BackupVault
Properties:
...
+ EncryptionKeyArn: example.arn/aws_kms_key
Updated about 1 month ago
Did this page help you?