Ensure Session Manager data is encrypted in transit
Error: Session Manager data is not encrypted in transit
Bridgecrew Policy ID: BC_AWS_GENERAL_76
Checkov Check ID: CKV_AWS_112
Severity: MEDIUM
Description
This policy identifies AWS Systems Manager Session Manager documents (aws_ssm_document resources with document_type "Session") that do not specify a KMS key (kmsKeyId), so the session data exchanged between the client and the managed instance is not encrypted in transit with that key. It is highly recommended to enable KMS encryption of session data when you are working with production instances that handle sensitive information, to protect it from unauthorized access.
Fix - Buildtime
Terraform
- Resource: aws_ssm_document
- Argument: kmsKeyId
resource "aws_ssm_document" "enabled" {
  name          = "SSM-SessionManagerRunShell"
  document_type = "Session"
  content       = <<DOC
{
  ...
  "inputs": {
    ...
    "s3EncryptionEnabled": true,
+   "kmsKeyId": "${var.kms_key_id}",
    "runAsEnabled": false,
    ...
  }
}
DOC
}
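The following is an added example, not Checkov's own implementation of CKV_AWS_112: a minimal check that mirrors the policy's logic by parsing the rendered content of a Session document and failing it when the kmsKeyId input is missing or empty. The function name and the two sample documents are constructed for illustration.

```python
import json

# Constructed Session Manager document bodies for illustration (not from the page).
# A compliant document names a KMS key in its inputs block.
PASSING_DOC = json.dumps({
    "schemaVersion": "1.0",
    "description": "Session Manager preferences",
    "sessionType": "Standard_Stream",
    "inputs": {
        "s3EncryptionEnabled": True,
        "kmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
        "runAsEnabled": False,
    },
})

# A non-compliant document leaves kmsKeyId empty (equivalent to omitting it).
FAILING_DOC = json.dumps({
    "schemaVersion": "1.0",
    "sessionType": "Standard_Stream",
    "inputs": {
        "s3EncryptionEnabled": True,
        "kmsKeyId": "",
        "runAsEnabled": False,
    },
})


def session_data_encrypted(document_type: str, content: str) -> str:
    """Evaluate one aws_ssm_document (hypothetical check, modelled on CKV_AWS_112).

    Returns "SKIPPED" for non-Session documents, "PASSED" when inputs.kmsKeyId
    is a non-empty string, and "FAILED" otherwise. `content` is the rendered
    document body, i.e. after Terraform variables such as var.kms_key_id
    have been resolved.
    """
    if document_type != "Session":
        return "SKIPPED"  # only Session documents carry Session Manager preferences
    try:
        doc = json.loads(content)
    except json.JSONDecodeError:
        return "FAILED"  # unparsable content cannot be shown to be compliant
    inputs = doc.get("inputs") or {}
    key_id = inputs.get("kmsKeyId")
    if isinstance(key_id, str) and key_id.strip():
        return "PASSED"
    return "FAILED"


if __name__ == "__main__":
    print("compliant:", session_data_encrypted("Session", PASSING_DOC))
    print("non-compliant:", session_data_encrypted("Session", FAILING_DOC))
```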
Updated 10 months ago