S3 Bucket Without Server-side-encryption

  • Query id: 594f54e7-f744-45ab-93e4-c6dbaf6cd571
  • Query name: S3 Bucket Without Server-side-encryption
  • Platform: Ansible
  • Severity: High
  • Category: Encryption
  • URL: Github

Description

AWS S3 Storage should be protected with SSE (Server-Side Encryption)
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Create a simple s3 bucket
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    encryption: "none"

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create a simple s3 bucket v2
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    encryption: aws:kms
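
The check this query describes can be sketched in Python as follows. This is an added example, not the query's own code. It assumes the playbook has already been parsed from YAML into lists of dicts; the function name, the nested-block task and the deletion task are hypothetical.

```python
# Added example: flags Ansible s3_bucket tasks that explicitly disable SSE.
# Input is already-parsed YAML (lists of dicts), so no YAML library is needed.

S3_MODULES = ("amazon.aws.s3_bucket", "s3_bucket")  # FQCN and short module name
NESTED_KEYS = ("block", "rescue", "always")         # block sections that hold tasks


def find_unencrypted_buckets(tasks):
    """Return (task name, bucket name) for each task setting encryption to "none"."""
    findings = []
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        # Recurse into block/rescue/always so nested tasks are not missed.
        for key in NESTED_KEYS:
            findings.extend(find_unencrypted_buckets(task.get(key)))
        for module in S3_MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            # A task that deletes the bucket has nothing left to encrypt.
            if args.get("state", "present") == "absent":
                continue
            if args.get("encryption") == "none":
                findings.append((task.get("name", "<unnamed>"), args.get("name")))
    return findings


# Constructed sample: the page's two tasks in parsed form, plus a nested block
# and a deletion task (both hypothetical) to exercise the edge cases.
SAMPLE_TASKS = [
    {"name": "Create a simple s3 bucket",
     "amazon.aws.s3_bucket": {"name": "mys3bucket", "state": "present",
                              "encryption": "none"}},
    {"name": "Create a simple s3 bucket v2",
     "amazon.aws.s3_bucket": {"name": "mys3bucket", "state": "present",
                              "encryption": "aws:kms"}},
    {"name": "Nested example",
     "block": [{"name": "Bucket inside a block",
                "s3_bucket": {"name": "nestedbucket", "encryption": "none"}}]},
    {"name": "Remove old bucket",
     "amazon.aws.s3_bucket": {"name": "oldbucket", "state": "absent",
                              "encryption": "none"}},
]

if __name__ == "__main__":
    for task_name, bucket in find_unencrypted_buckets(SAMPLE_TASKS):
        print(f"{task_name}: bucket {bucket!r} has server-side encryption disabled")
```

Only an explicit `encryption: "none"` is reported, matching the positive test above; tasks that omit the parameter are not flagged by this sketch.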