github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/s3/AVD-AWS-0132/Terraform.md (about)

     1  
     2  Enable encryption using customer managed keys
     3  
     4  ```hcl
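     5  resource "aws_kms_key" "good_example" {
          # Customer managed KMS key that the bucket below uses for default encryption.
          # Automatic rotation of the key material is switched on.
     6    enable_key_rotation = true
     7  }
     8  
     9  resource "aws_s3_bucket" "good_example" {
           # Bucket whose default server-side encryption is SSE-KMS with a customer managed key.
           # NOTE(review): AWS provider v4 and later deprecate this inline block in favour of the
           # aws_s3_bucket_server_side_encryption_configuration resource - confirm which provider
           # version this example targets.
    10     bucket = "mybucket"
    11   
    12     server_side_encryption_configuration {
    13       rule {
    14         apply_server_side_encryption_by_default {
                 # Points at the key declared in this example. The original referenced
                 # aws_kms_key.example, which is not declared anywhere in the listing, so the
                 # example could not be planned as written.
    15           kms_master_key_id = aws_kms_key.good_example.arn
    16           sse_algorithm     = "aws:kms"
    17         }
    18       }
    19     }
    20   }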
    21   
    22  ```
    23  ```hcl
    24  resource "aws_s3_bucket" "good_example" {
           # Second passing example: no KMS key is referenced and default encryption is
           # SSE-S3 (sse_algorithm "AES256"), i.e. keys managed by S3 rather than by the customer.
           # NOTE(review): the only visible difference from the SSE-KMS example is the
           # log-delivery-write ACL, so the check presumably exempts log-delivery target buckets,
           # which have historically supported only SSE-S3 as default encryption - confirm
           # against the rule before relying on this exemption for other buckets.
    25     bucket = "mybucket" 
    26     acl    = "log-delivery-write"
    27   
    28     server_side_encryption_configuration {
    29       rule {
    30         apply_server_side_encryption_by_default {
    31           sse_algorithm     = "AES256"
    32         }
    33       }
    34     }
    35   }
    36   
    37  ```
    38  
    39  #### Remediation Links
    40   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#enable-default-server-side-encryption
    41