Ensure Session Manager data is encrypted in transit

Error: Session Manager data is not encrypted in transit

Bridgecrew Policy ID: BC_AWS_GENERAL_76
Checkov Check ID: CKV_AWS_112
Severity: MEDIUM


Description

This policy identifies AWS RDS DB (Relational Database Service Database) cluster snapshots which are not encrypted. It is highly recommended to implement encryption at rest when you are working with production data that contains sensitive information, to protect it from unauthorized access.

Fix - Buildtime

Terraform

  • Resource: aws_ssm_document
  • Argument: kmsKeyId

resource "aws_ssm_document" "enabled" {
  name          = "SSM-SessionManagerRunShell"
  document_type = "Session"

  # The check requires a non-empty "kmsKeyId" under "inputs" of the Session document.
  content = <<DOC
  {
    ...
    "inputs": {
      ...
      "s3EncryptionEnabled": true,
      "kmsKeyId": "${var.kms_key_id}",
      "runAsEnabled": false,
      ...
    }
  }
DOC
}
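The logic this check applies, written out as an added example (a simplified re-implementation, not Checkov's own source): it skips non-Session documents, parses the heredoc JSON, and fails any document whose inputs lack a non-empty kmsKeyId. The two sample documents are constructed for the example.

```python
import json

# Constructed sample Session documents (not from the page): the failing one
# omits kmsKeyId, the passing one sets it. "${var.kms_key_id}" is kept as a
# literal because Terraform interpolates it before the document is created.
FAILING_DOC = {
    "schemaVersion": "1.0",
    "description": "Session Manager shell preferences (constructed sample)",
    "sessionType": "Standard_Stream",
    "inputs": {
        "s3BucketName": "example-session-logs",
        "s3EncryptionEnabled": True,
        "runAsEnabled": False,
    },
}
PASSING_DOC = {
    **FAILING_DOC,
    "inputs": {**FAILING_DOC["inputs"], "kmsKeyId": "${var.kms_key_id}"},
}
# Raw heredoc form, as the content argument would carry it
FAILING_CONTENT = json.dumps(FAILING_DOC)
PASSING_CONTENT = json.dumps(PASSING_DOC)


def check_session_document(resource: dict) -> str:
    """Evaluate one aws_ssm_document resource the way CKV_AWS_112 does.

    Returns "PASSED", "FAILED", or "SKIPPED" (documents other than
    document_type = "Session" never carry Session Manager preferences).
    """
    if resource.get("document_type") != "Session":
        return "SKIPPED"
    content = resource.get("content")
    # content may be the raw heredoc string or an already-decoded dict
    if isinstance(content, str):
        try:
            content = json.loads(content)
        except json.JSONDecodeError:
            return "FAILED"  # unparsable content cannot show a key is set
    if not isinstance(content, dict):
        return "FAILED"
    inputs = content.get("inputs")
    if not isinstance(inputs, dict):
        return "FAILED"
    key_id = inputs.get("kmsKeyId")
    # absent, null, or blank kmsKeyId means no KMS key protects session data
    return "PASSED" if isinstance(key_id, str) and key_id.strip() else "FAILED"
```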
