Ensure S3 buckets are encrypted with KMS by default

Error: S3 buckets are not encrypted with KMS

Bridgecrew Policy ID: BC_AWS_GENERAL_56
Checkov Check ID: CKV_AWS_145
Severity: LOW

S3 buckets are not encrypted with KMS

Description

TBA

Fix - Buildtime

Terraform

  • Resource: aws_s3_bucket
  • Argument: apply_server_side_encryption_by_default.kms_master_key_id
resource "aws_s3_bucket" "mybucket" {
  ...
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = aws_kms_key.mykey.arn
 +      sse_algorithm     = "aws:kms"
      }
    }
  }
}
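
The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's implementation and not code from the original page: it walks a plan in the layout produced by terraform show -json and lists aws_s3_bucket resources whose inline default encryption is not aws:kms. The sample plan, the bucket addresses and the helper _bucket are constructed for illustration, and only the inline server_side_encryption_configuration block shown above is covered.

```python
# Constructed sample data in the shape of `terraform show -json` planned_values.
def _bucket(address, defaults):
    """Hypothetical helper: build one aws_s3_bucket plan entry for the sample."""
    sse = [{"rule": [{"apply_server_side_encryption_by_default": defaults}]}] if defaults else []
    return {"address": address, "type": "aws_s3_bucket",
            "values": {"server_side_encryption_configuration": sse}}


SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _bucket("aws_s3_bucket.kms_ok",
                [{"kms_master_key_id": "arn:aws:kms:EXAMPLE", "sse_algorithm": "aws:kms"}]),
        _bucket("aws_s3_bucket.aes_only",
                [{"kms_master_key_id": None, "sse_algorithm": "AES256"}]),
    ],
    "child_modules": [{"resources": [_bucket("module.logs.aws_s3_bucket.no_sse", [])]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def uses_kms(values):
    """True only if a default-encryption rule exists and every one is aws:kms."""
    algorithms = [
        default.get("sse_algorithm")
        for sse in values.get("server_side_encryption_configuration") or []
        for rule in sse.get("rule") or []
        for default in rule.get("apply_server_side_encryption_by_default") or []
    ]
    return bool(algorithms) and all(a == "aws:kms" for a in algorithms)


def buckets_without_kms(plan):
    """Return sorted addresses of aws_s3_bucket resources not defaulting to SSE-KMS."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"] for r in iter_resources(root)
        if r.get("type") == "aws_s3_bucket" and not uses_kms(r.get("values", {}))
    )


if __name__ == "__main__":
    print(buckets_without_kms(SAMPLE_PLAN))
```

A bucket with no encryption block at all is reported alongside one that uses AES256, since neither defaults to a KMS key.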
