Ensure S3 buckets are encrypted with KMS by default
Error: S3 buckets are not encrypted with KMS
Bridgecrew Policy ID: BC_AWS_GENERAL_56
Checkov Check ID: CKV_AWS_145
Severity: LOW
S3 buckets are not encrypted with KMS
Description
TBA
Fix - Buildtime
Terraform
- Resource: aws_s3_bucket
- Argument: apply_server_side_encryption_by_default.kms_master_key_id
resource "aws_s3_bucket" "mybucket" {
  ...
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = aws_kms_key.mykey.arn
+       sse_algorithm = "aws:kms"
      }
    }
  }
}
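A plan-time version of this check, as an added example (not Bridgecrew's or Checkov's implementation): it reads `terraform show -json` output and lists the `aws_s3_bucket` resources whose default encryption rule is missing or does not set `sse_algorithm = "aws:kms"`. The plan fragment, the placeholder key ARN and the function names are constructed for illustration and assume the inline `server_side_encryption_configuration` block shown above.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for three buckets.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_s3_bucket.kms", "type": "aws_s3_bucket", "values": {
      "server_side_encryption_configuration": [{"rule": [{
        "apply_server_side_encryption_by_default": [
          {"kms_master_key_id": "arn:aws:kms:EXAMPLE", "sse_algorithm": "aws:kms"}]}]}]}},
    {"address": "aws_s3_bucket.aes", "type": "aws_s3_bucket", "values": {
      "server_side_encryption_configuration": [{"rule": [{
        "apply_server_side_encryption_by_default": [
          {"kms_master_key_id": null, "sse_algorithm": "AES256"}]}]}]}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.logs.aws_s3_bucket.plain", "type": "aws_s3_bucket",
     "values": {"server_side_encryption_configuration": []}}]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def default_algorithms(values):
    """Collect sse_algorithm from each apply_server_side_encryption_by_default block."""
    algos = []
    for sse in values.get("server_side_encryption_configuration") or []:
        for rule in sse.get("rule") or []:
            for default in rule.get("apply_server_side_encryption_by_default") or []:
                algos.append(default.get("sse_algorithm"))
    return algos

def buckets_without_kms(plan):
    """Return addresses of aws_s3_bucket resources whose default SSE is not aws:kms."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != "aws_s3_bucket":
            continue
        algos = default_algorithms(res.get("values") or {})
        # Pass only if a default rule exists and every rule uses aws:kms.
        if not algos or any(a != "aws:kms" for a in algos):
            failing.append(res["address"])
    return failing
```

A bucket that sets only `sse_algorithm = "AES256"` is encrypted at rest but still fails this policy, which is why the check compares the algorithm rather than testing for the presence of the block.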
Updated 10 months ago