S3 Bucket SSE Disabled

  • Query id: 309edc5b-5a59-42b4-a357-d4d098311fd4
  • Query name: S3 Bucket SSE Disabled
  • Platform: Ansible
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

If the encryption algorithm is AES256, the master key must be null, empty or undefined; for any other algorithm, the master key is required.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: mys3Bucket
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    encryption: "aws:kms"

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: mys3Bucket
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    encryption: AES256
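
The rule from the Description, applied to the two samples above, as an added example (it is not the query's own code, which this page does not show). It assumes tasks are already parsed into dicts, that the master key is supplied through the module's encryption_key_id parameter, and that a missing or "none" encryption value counts as SSE disabled (inferred from the query name); the function names are hypothetical.

```python
# Added illustration: the Description's rule applied to parsed Ansible tasks.
# Tasks are plain dicts (what a YAML loader would return); samples are constructed
# to mirror the positive and negative test files on this page.
S3_MODULES = ("amazon.aws.s3_bucket", "s3_bucket")


def _is_blank(value):
    """True for null, empty or undefined (missing) values."""
    return value is None or (isinstance(value, str) and value.strip() == "")


def check_task(task):
    """Return a list of findings for one task; an empty list means it passes."""
    findings = []
    name = task.get("name", "<unnamed>")
    for module in S3_MODULES:
        params = task.get(module)
        if not isinstance(params, dict):
            continue  # not an S3 bucket task
        algo = params.get("encryption")
        key = params.get("encryption_key_id")  # assumed to hold the master key
        if _is_blank(algo) or str(algo).lower() == "none":
            # Assumption from the query name: no algorithm means SSE is disabled.
            findings.append(f"{name}: {module}.encryption is not set (SSE disabled)")
        elif algo == "AES256":
            if not _is_blank(key):
                findings.append(f"{name}: AES256 must not carry encryption_key_id")
        elif _is_blank(key):
            findings.append(f"{name}: {algo} requires encryption_key_id (master key)")
    return findings


def scan(tasks):
    """Flatten the findings of every task in a play or task file."""
    return [finding for task in tasks for finding in check_task(task)]


POSITIVE = [{"name": "mys3Bucket", "amazon.aws.s3_bucket": {
    "name": "mys3bucket", "state": "present", "encryption": "aws:kms"}}]
NEGATIVE = [{"name": "mys3Bucket", "amazon.aws.s3_bucket": {
    "name": "mys3bucket", "state": "present", "encryption": "AES256"}}]

if __name__ == "__main__":
    for label, tasks in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(label, scan(tasks) or "no findings")
```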