Difference between revisions of "Terraform aws s3 bucket encryption resource always associated"
Jump to navigation
Jump to search
| Line 28: | Line 28: | ||
== See also == | == See also == | ||
| + | * {{aws_s3_bucket_server_side_encryption_configuration}} | ||
* {{coguard}} | * {{coguard}} | ||
[[Category:S3]] | [[Category:S3]] | ||
Revision as of 11:50, 9 July 2024
terraform_aws_s3_bucket_encryption_resource_always_associated
Documentation: Data stored on S3 buckets can be encrypted at rest. It is
recommended to always have these encrypted. In Terraform, for
every `aws_s3_bucket` definition, one needs to define a
`aws_s3_bucket_server_side_encryption_configuration` definition
which contains a rule to apply server side encryption. This rule
checks if every S3 bucket has indeed such a definition. It is to
be remarked that there is also a deprecated possibility to define
a `server_side_encryption_configuration` block inside the
`aws_s3_bucket` resource. This should be avoided and transformed
into an external resource of type
`aws_s3_bucket_server_side_encryption_configuration`.
Remediation: For every resource of type `aws_s3_bucket`, ensure
that there is an associated
`aws_s3_bucket_server_side_encryption_configuration` resource
defined. Inside this resource, under the `rule` section, there
needs to be the `apply_server_side_encryption_by_default` block
present. Source: https://registry.terraform.io/providers/hashic
orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
nfiguration
See also
Advertising:
