Ensure FSx ONTAP file system is encrypted by KMS using a customer managed key (CMK)

Error: AWS fx ontap file system not encrypted using Customer Managed Key
Bridgecrew Policy ID: BC_AWS_GENERAL_98
Checkov Check ID: CKV_AWS_178
Severity: TBD

Description

This check ensures that the FSx ONTAP file system uses AWS Key Management Service (KMS) to encrypt its contents. To resolve, add the ARN of your KMS key, or a reference to it, when the file system is created.

Fix - Buildtime

Terraform

Resource: aws_fsx_ontap_file_system
Attribute: kms_key_id - (Optional) ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key.

resource "aws_fsx_ontap_file_system" "test" {
  storage_capacity    = 1024
  subnet_ids          = [aws_subnet.test1.id, aws_subnet.test2.id]
  deployment_type     = "MULTI_AZ_1"
  throughput_capacity = 512
  preferred_subnet_id = aws_subnet.test1.id
  kms_key_id          = "ckv_kms" # added line: set to the ARN of your customer managed KMS key
}
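
The same condition can be checked against `terraform show -json` output before merge. The script below is an added example, not Checkov's or Bridgecrew's own code. It reads the plan's configuration section, so it reports what was written in the Terraform source and also accepts a reference such as aws_kms_key.fsx.arn. The resource names and the sample plan are constructed for illustration.

```python
import json

RESOURCE_TYPE = "aws_fsx_ontap_file_system"

# Constructed sample: trimmed "configuration" section of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "aws_fsx_ontap_file_system.cmk", "type": "aws_fsx_ontap_file_system",
     "expressions": {"kms_key_id": {"references": ["aws_kms_key.fsx.arn", "aws_kms_key.fsx"]}}},
    {"address": "aws_fsx_ontap_file_system.default_key", "type": "aws_fsx_ontap_file_system",
     "expressions": {"storage_capacity": {"constant_value": 1024}}},
    {"address": "aws_fsx_ontap_file_system.empty", "type": "aws_fsx_ontap_file_system",
     "expressions": {"kms_key_id": {"constant_value": ""}}}
  ],
  "module_calls": {"storage": {"module": {"resources": [
    {"address": "aws_fsx_ontap_file_system.nested", "type": "aws_fsx_ontap_file_system",
     "expressions": {}}
  ]}}}
}}}
""")


def walk(module, prefix=""):
    """Yield (full_address, resource) for a module and every nested module call."""
    for res in module.get("resources", []):
        yield prefix + res["address"], res
    for name, call in module.get("module_calls", {}).items():
        yield from walk(call.get("module", {}), f"{prefix}module.{name}.")


def kms_key_is_set(resource):
    """True when kms_key_id is a reference or a non-empty constant in the source."""
    expr = resource.get("expressions", {}).get("kms_key_id")
    if not expr:
        return False  # attribute omitted: provider falls back to the AWS managed key
    if expr.get("references"):
        return True   # e.g. aws_kms_key.fsx.arn, resolved only at apply time
    return bool(expr.get("constant_value"))


def find_unencrypted(plan):
    """Return sorted addresses of FSx ONTAP file systems without kms_key_id."""
    root = plan.get("configuration", {}).get("root_module", {})
    return sorted(addr for addr, res in walk(root)
                  if res.get("type") == RESOURCE_TYPE and not kms_key_is_set(res))


if __name__ == "__main__":
    for address in find_unencrypted(SAMPLE_PLAN):
        print(f"FAILED: {address} has no kms_key_id")
```

The script only confirms that kms_key_id is set. Whether the referenced key is customer managed still has to be verified against the key itself.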