Difference between revisions of "Terraform aws s3 bucket encryption resource always associated"

From wikieduonline
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 6: Line 6:
  
 
* https://www.coguard.io/post/dangerous-defaults-2-msk-uptime-or-data-integrity
 
* https://www.coguard.io/post/dangerous-defaults-2-msk-uptime-or-data-integrity
  Documentation:  Data stored on S3 buckets can be encrypted at rest. It is
+
 
 +
  Documentation:  Data stored on S3 buckets can be [[encrypted at rest]]. It is
 
               recommended to always have these encrypted. In Terraform, for
 
               recommended to always have these encrypted. In Terraform, for
               every `aws_s3_bucket` definition, one needs to define a
+
               every `[[aws_s3_bucket]]` definition, one needs to define a
 
               `aws_s3_bucket_server_side_encryption_configuration` definition
 
               `aws_s3_bucket_server_side_encryption_configuration` definition
 
               which contains a rule to apply server side encryption. This rule
 
               which contains a rule to apply server side encryption. This rule
Line 17: Line 18:
 
               into an external resource of type
 
               into an external resource of type
 
               `aws_s3_bucket_server_side_encryption_configuration`.
 
               `aws_s3_bucket_server_side_encryption_configuration`.
 +
 
               Remediation: For every resource of type `aws_s3_bucket`, ensure
 
               Remediation: For every resource of type `aws_s3_bucket`, ensure
 
               that there is an associated
 
               that there is an associated
Line 25: Line 27:
 
               orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
 
               orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
 
               nfiguration
 
               nfiguration
 +
 +
== Related ==
 +
* <code>[[aws_s3_bucket_server_side_encryption_configuration]]</code>
  
  
 
== See also ==
 
== See also ==
 +
* {{aws_s3_bucket_server_side_encryption_configuration}}
 
* {{coguard}}
 
* {{coguard}}
  
 
[[Category:S3]]
 
[[Category:S3]]

Latest revision as of 11:55, 9 July 2024


terraform_aws_s3_bucket_encryption_resource_always_associated


Documentation:  Data stored on S3 buckets can be encrypted at rest. It is
              recommended to always have these encrypted. In Terraform, for
              every `aws_s3_bucket` definition, one needs to define a
              `aws_s3_bucket_server_side_encryption_configuration` definition
              which contains a rule to apply server side encryption. This rule
              checks if every S3 bucket has indeed such a definition. It is to
              be remarked that there is also a deprecated possibility to define
              a `server_side_encryption_configuration` block inside the
              `aws_s3_bucket` resource. This should be avoided and transformed
              into an external resource of type
              `aws_s3_bucket_server_side_encryption_configuration`.
              Remediation: For every resource of type `aws_s3_bucket`, ensure
              that there is an associated
              `aws_s3_bucket_server_side_encryption_configuration` resource
              defined. Inside this resource, under the `rule` section, there
              needs to be the `apply_server_side_encryption_by_default` block
              present.   Source: https://registry.terraform.io/providers/hashic
              orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
              nfiguration

Related[edit]


See also[edit]

Advertising: