Ensure Backup Vault is encrypted at rest using KMS CMK

Error: Backup Vault is not encrypted at rest using KMS CMK

Bridgecrew Policy ID: BC_AWS_GENERAL_89
Checkov Check ID: CKV_AWS_166
Severity: MEDIUM

Backup Vault is not encrypted at rest using KMS CMK

Description

TBD

Fix - Buildtime

Terraform

  • Resource: aws_backup_vault
  • Argument: kms_key_arn
resource "aws_backup_vault" "backup_with_kms_key" {
    ...
  + kms_key_arn = aws_kms_key.example.arn
}

CloudFormation

  • Resource: AWS::Backup::BackupVault
  • Argument: Properties.EncryptionKeyArn
Type: AWS::Backup::BackupVault
    Properties:
      ...
+     EncryptionKeyArn: example.arn/aws_kms_key

Did this page help you?