Ensure Session Manager data is encrypted in transit

Error: Session Manager data is not encrypted in transit

Bridgecrew Policy ID: BC_AWS_GENERAL_76
Checkov Check ID: CKV_AWS_112
Severity: MEDIUM

Description

TBD

Fix - Buildtime

Terraform

  • Resource: aws_ssm_document
  • Argument: kmsKeyId (inside the inputs object of content)
resource "aws_ssm_document" "enabled" {
  name          = "SSM-SessionManagerRunShell"
  document_type = "Session"

  content = <<DOC
  {
    ...
    "inputs": {
      ...
      "s3EncryptionEnabled": true,
   +  "kmsKeyId": "${var.kms_key_id}",
      "runAsEnabled": false,
      ...
      }
    }
  }
DOC
}
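
The condition behind this policy can be tested against a document body before it is applied. The following is an added example, not Checkov's or Bridgecrew's own code: it parses the JSON passed to content and fails when inputs.kmsKeyId is missing or empty. The helper name check_session_document and both sample documents are constructed for illustration.

```python
import json

# Constructed sample documents (not from the page): Session Manager preference
# bodies as they would appear in aws_ssm_document.content.
ENCRYPTED = """{
  "schemaVersion": "1.0",
  "description": "Session Manager preferences (constructed sample)",
  "sessionType": "Standard_Stream",
  "inputs": {
    "s3EncryptionEnabled": true,
    "kmsKeyId": "${var.kms_key_id}",
    "runAsEnabled": false
  }
}"""

UNENCRYPTED = """{
  "schemaVersion": "1.0",
  "description": "Session Manager preferences (constructed sample)",
  "sessionType": "Standard_Stream",
  "inputs": {
    "s3EncryptionEnabled": true,
    "kmsKeyId": "",
    "runAsEnabled": false
  }
}"""


def check_session_document(content: str) -> tuple[bool, str]:
    """Return (passed, reason) for one Session document body (hypothetical helper)."""
    try:
        doc = json.loads(content)
    except json.JSONDecodeError as exc:
        return False, f"content is not valid JSON: {exc.msg}"
    inputs = doc.get("inputs") if isinstance(doc, dict) else None
    if not isinstance(inputs, dict):
        return False, "document has no 'inputs' object"
    key = inputs.get("kmsKeyId")
    # An empty or whitespace-only kmsKeyId leaves KMS session encryption off.
    if not isinstance(key, str) or not key.strip():
        return False, "inputs.kmsKeyId is missing or empty"
    return True, "inputs.kmsKeyId is set"


if __name__ == "__main__":
    for name, body in (("encrypted", ENCRYPTED), ("unencrypted", UNENCRYPTED)):
        print(name, check_session_document(body))
```

An unresolved Terraform interpolation such as ${var.kms_key_id} counts as set here, since its value is only known at plan or apply time.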
