terraform aws s3 bucket encryption resource always associated

From wikieduonline
Revision as of 11:55, 9 July 2024 by Welcome (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


terraform_aws_s3_bucket_encryption_resource_always_associated


Documentation:  Data stored on S3 buckets can be encrypted at rest. It is
              recommended to always have these encrypted. In Terraform, for
              every `aws_s3_bucket` definition, one needs to define a
              `aws_s3_bucket_server_side_encryption_configuration` definition
              which contains a rule to apply server side encryption. This rule
              checks if every S3 bucket has indeed such a definition. It is to
              be remarked that there is also a deprecated possibility to define
              a `server_side_encryption_configuration` block inside the
              `aws_s3_bucket` resource. This should be avoided and transformed
              into an external resource of type
              `aws_s3_bucket_server_side_encryption_configuration`.
              Remediation: For every resource of type `aws_s3_bucket`, ensure
              that there is an associated
              `aws_s3_bucket_server_side_encryption_configuration` resource
              defined. Inside this resource, under the `rule` section, there
              needs to be the `apply_server_side_encryption_by_default` block
              present.   Source: https://registry.terraform.io/providers/hashic
              orp/aws/latest/docs/resources/s3_bucket_server_side_encryption_co
              nfiguration

Related


See also

Advertising: