Unencrypted S3 bucket.
S3 Buckets should be encrypted to protect the data that is stored within them if access is compromised.
Impact
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Configure bucket encryption
Resources:
  GoodExample:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - BucketKeyEnabled: true
            ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256
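To check a template for this issue before deployment, the sketch below flags every AWS::S3::Bucket resource that declares no usable default encryption. It is an added example, not the scanner's own code; the function names and the sample template are assumptions, and the template is given as an already-parsed dict.

```python
# SSEAlgorithm values S3 accepts for default bucket encryption.
VALID_ALGORITHMS = {"AES256", "aws:kms", "aws:kms:dsse"}

def bucket_encryption_finding(resource):
    """Return None if the bucket declares default encryption, else a reason."""
    props = resource.get("Properties") or {}
    enc = props.get("BucketEncryption")
    if not isinstance(enc, dict):
        return "no BucketEncryption property"
    rules = enc.get("ServerSideEncryptionConfiguration")
    if not isinstance(rules, list) or not rules:
        return "ServerSideEncryptionConfiguration has no rules"
    for rule in rules:
        default = rule.get("ServerSideEncryptionByDefault") if isinstance(rule, dict) else None
        algo = default.get("SSEAlgorithm") if isinstance(default, dict) else None
        # Intrinsic functions (Ref, Fn::If) show up as dicts and cannot be
        # resolved statically, so only literal strings count as a pass here.
        if isinstance(algo, str) and algo in VALID_ALGORITHMS:
            return None
    return "no rule sets a valid SSEAlgorithm"

def unencrypted_buckets(template):
    """Map logical ID -> reason for each S3 bucket lacking default encryption."""
    findings = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if isinstance(resource, dict) and resource.get("Type") == "AWS::S3::Bucket":
            reason = bucket_encryption_finding(resource)
            if reason:
                findings[logical_id] = reason
    return findings

# Constructed sample template (parsed form), not taken from the page.
SAMPLE_TEMPLATE = {
    "Resources": {
        "GoodExample": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": [
                {"BucketKeyEnabled": True,
                 "ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
        },
        "NoEncryption": {"Type": "AWS::S3::Bucket"},
        "EmptyRules": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketEncryption": {"ServerSideEncryptionConfiguration": []}},
        },
        "Topic": {"Type": "AWS::SNS::Topic"},
    }
}
```
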
Configure bucket encryption
# Inline block: the form used before AWS provider v4, where it became deprecated.
resource "aws_s3_bucket" "good_example" {
  bucket = "mybucket"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = "arn" # placeholder for the KMS key ARN
        sse_algorithm     = "aws:kms"
      }
    }
  }
}

# Separate resource: the form used with AWS provider v4 and later.
resource "aws_s3_bucket" "good_example" {
  bucket = "mybucket"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  bucket = aws_s3_bucket.good_example.id

  rule {
    apply_server_side_encryption_by_default {
      # aws_kms_key.mykey must be defined elsewhere in the configuration.
      kms_master_key_id = aws_kms_key.mykey.arn
      sse_algorithm     = "aws:kms"
    }
  }
}
Links