Difference between revisions of "Terraform aws s3 bucket encryption resource always associated"
Jump to navigation
Jump to search
Line 18: | Line 18: | ||
into an external resource of type | into an external resource of type | ||
`aws_s3_bucket_server_side_encryption_configuration`. | `aws_s3_bucket_server_side_encryption_configuration`. | ||
+ | |||
Remediation: For every resource of type `aws_s3_bucket`, ensure | Remediation: For every resource of type `aws_s3_bucket`, ensure | ||
that there is an associated | that there is an associated |
Latest revision as of 11:55, 9 July 2024
terraform_aws_s3_bucket_encryption_resource_always_associated
Documentation: Data stored on S3 buckets can be encrypted at rest. It is recommended to always have these encrypted. In Terraform, for every `aws_s3_bucket` definition, one needs to define a `aws_s3_bucket_server_side_encryption_configuration` definition which contains a rule to apply server side encryption. This rule checks if every S3 bucket has indeed such a definition. It is to be remarked that there is also a deprecated possibility to define a `server_side_encryption_configuration` block inside the `aws_s3_bucket` resource. This should be avoided and transformed into an external resource of type `aws_s3_bucket_server_side_encryption_configuration`.
Remediation: For every resource of type `aws_s3_bucket`, ensure that there is an associated `aws_s3_bucket_server_side_encryption_configuration` resource defined. Inside this resource, under the `rule` section, there needs to be the `apply_server_side_encryption_by_default` block present. Source: https://registry.terraform.io/providers/hashic orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co nfiguration
Related[edit]
See also[edit]
Advertising: