Difference between revisions of "Terraform aws s3 bucket encryption resource always associated"

From wikieduonline
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{lc}}
 
{{lc}}
 +
 +
 +
<code>terraform_aws_s3_bucket_encryption_resource_always_associated</code>
 +
  
 
* https://www.coguard.io/post/dangerous-defaults-2-msk-uptime-or-data-integrity
 
* https://www.coguard.io/post/dangerous-defaults-2-msk-uptime-or-data-integrity
  
<code>terraform_aws_s3_bucket_encryption_resource_always_associated</code>
+
Documentation:  Data stored on S3 buckets can be [[encrypted at rest]]. It is
 +
              recommended to always have these encrypted. In Terraform, for
 +
              every `[[aws_s3_bucket]]` definition, one needs to define a
 +
              `aws_s3_bucket_server_side_encryption_configuration` definition
 +
              which contains a rule to apply server side encryption. This rule
 +
              checks if every S3 bucket has indeed such a definition. It is to
 +
              be remarked that there is also a deprecated possibility to define
 +
              a `server_side_encryption_configuration` block inside the
 +
              `aws_s3_bucket` resource. This should be avoided and transformed
 +
              into an external resource of type
 +
              `aws_s3_bucket_server_side_encryption_configuration`.
 +
 
 +
              Remediation: For every resource of type `aws_s3_bucket`, ensure
 +
              that there is an associated
 +
              `aws_s3_bucket_server_side_encryption_configuration` resource
 +
              defined. Inside this resource, under the `rule` section, there
 +
              needs to be the `apply_server_side_encryption_by_default` block
 +
              present.  Source: https://registry.terraform.io/providers/hashic
 +
              orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
 +
              nfiguration
 +
 
 +
== Related ==
 +
* <code>[[aws_s3_bucket_server_side_encryption_configuration]]</code>
  
  
 
== See also ==
 
== See also ==
 +
* {{aws_s3_bucket_server_side_encryption_configuration}}
 
* {{coguard}}
 
* {{coguard}}
  
 
[[Category:S3]]
 
[[Category:S3]]

Latest revision as of 11:55, 9 July 2024


terraform_aws_s3_bucket_encryption_resource_always_associated


Documentation:  Data stored on S3 buckets can be encrypted at rest. It is
              recommended to always have these encrypted. In Terraform, for
              every `aws_s3_bucket` definition, one needs to define a
              `aws_s3_bucket_server_side_encryption_configuration` definition
              which contains a rule to apply server side encryption. This rule
              checks if every S3 bucket has indeed such a definition. It is to
              be remarked that there is also a deprecated possibility to define
              a `server_side_encryption_configuration` block inside the
              `aws_s3_bucket` resource. This should be avoided and transformed
              into an external resource of type
              `aws_s3_bucket_server_side_encryption_configuration`.
              Remediation: For every resource of type `aws_s3_bucket`, ensure
              that there is an associated
              `aws_s3_bucket_server_side_encryption_configuration` resource
              defined. Inside this resource, under the `rule` section, there
              needs to be the `apply_server_side_encryption_by_default` block
              present.   Source: https://registry.terraform.io/providers/hashic
              orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
              nfiguration

Related[edit]


See also[edit]

Advertising: