Difference between revisions of "Terraform aws s3 bucket encryption resource always associated"

terraform_aws_s3_bucket_encryption_resource_always_associated

• https://www.coguard.io/post/dangerous-defaults-2-msk-uptime-or-data-integrity

Documentation:  Data stored on S3 buckets can be encrypted at rest. It is
              recommended to always have these encrypted. In Terraform, for
              every `aws_s3_bucket` definition, one needs to define a
              `aws_s3_bucket_server_side_encryption_configuration` definition
              which contains a rule to apply server side encryption. This rule
              checks if every S3 bucket has indeed such a definition. It is to
              be remarked that there is also a deprecated possibility to define
              a `server_side_encryption_configuration` block inside the
              `aws_s3_bucket` resource. This should be avoided and transformed
              into an external resource of type
              `aws_s3_bucket_server_side_encryption_configuration`.

              Remediation: For every resource of type `aws_s3_bucket`, ensure
              that there is an associated
              `aws_s3_bucket_server_side_encryption_configuration` resource
              defined. Inside this resource, under the `rule` section, there
              needs to be the `apply_server_side_encryption_by_default` block
              present.   Source: https://registry.terraform.io/providers/hashic
              orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
              nfiguration

Related[edit]

• aws_s3_bucket_server_side_encryption_configuration

See also[edit]

• aws_s3_bucket_server_side_encryption_configuration
• Coguard, coguard folder, uses: coguardio/coguard-scan-action