Ensure fx ontap file system is encrypted by KMS using a customer managed Key (CMK)
Error: AWS fx ontap file system not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_98
Checkov Check ID: CKV_AWS_178
Severity: TBD
AWS fx ontap file system not encrypted using Customer Managed Key
Description
This is a simple check to ensure that fx ontap file system is using AWS key management - KMS to encrypt its contents. To resolve add the ARN of your KMS or link on creation of the cluster
Fix - Buildtime
Terraform
Resource: aws_fsx_ontap_file_system
Attribute: kms_key_id - (Optional) ARN for the KMS Key to encrypt the file system at rest, Defaults to an AWS managed KMS Key.
resource "aws_fsx_ontap_file_system" "test" {
storage_capacity = 1024
subnet_ids = [aws_subnet.test1.id, aws_subnet.test2.id]
deployment_type = "MULTI_AZ_1"
throughput_capacity = 512
preferred_subnet_id = aws_subnet.test1.id
+ kms_key_id = "ckv_kms"
}
Updated 12 months ago