Kinesis Not Encrypted With KMS
- Query id: f2ea6481-1d31-4d40-946a-520dc6321dd7
- Query name: Kinesis Not Encrypted With KMS
- Platform: Ansible
- Severity: High
- Category: Encryption
- URL: Github
Description
AWS Kinesis Streams and metadata should be protected with KMS
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
# encryption_state is not set
- name: Encrypt Kinesis Stream test-stream.
  community.aws.kinesis_stream:
    name: test-stream
    state: present
    shards: 1
    encryption_type: KMS
    key_id: alias/aws/kinesis
    wait: yes
    wait_timeout: 600
  register: test_stream
# encryption_state is disabled
- name: Encrypt Kinesis Stream test-stream. v2
  community.aws.kinesis_stream:
    name: test-stream
    state: present
    shards: 1
    encryption_state: disabled
    encryption_type: KMS
    key_id: alias/aws/kinesis
    wait: yes
    wait_timeout: 600
  register: test_stream
# encryption_type is not set
- name: Encrypt Kinesis Stream test-stream. v3
  community.aws.kinesis_stream:
    name: test-stream
    state: present
    shards: 1
    encryption_state: enabled
    key_id: alias/aws/kinesis
    wait: yes
    wait_timeout: 600
  register: test_stream
# encryption_type is NONE
- name: Encrypt Kinesis Stream test-stream. v4
  community.aws.kinesis_stream:
    name: test-stream
    state: present
    shards: 1
    encryption_state: enabled
    encryption_type: NONE
    key_id: alias/aws/kinesis
    wait: yes
    wait_timeout: 600
  register: test_stream
# key_id is not set
- name: Encrypt Kinesis Stream test-stream. v5
  community.aws.kinesis_stream:
    name: test-stream
    state: present
    shards: 1
    encryption_state: enabled
    encryption_type: KMS
    wait: yes
    wait_timeout: 600
  register: test_stream
```
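Each flagged task above departs from a fully encrypted stream in exactly one field. The following added example (not the KICS query itself, which is not shown on this page) encodes the rule those five samples imply as a Python check over already-parsed Ansible tasks. The function name, the finding strings, the short module name `kinesis_stream`, the skip for `state: absent` and the compliant `ok` task are assumptions made for illustration.

```python
# Added example, not KICS's own query: rule logic inferred from the five
# flagged samples on this page. Tasks are plain dicts, as a YAML loader
# would produce them.
MODULES = ("community.aws.kinesis_stream", "kinesis_stream")


def kinesis_findings(task):
    """Return the reasons a task leaves a Kinesis stream without KMS encryption."""
    args = next((task[m] for m in MODULES if m in task), None)
    if not isinstance(args, dict):
        return []  # not a Kinesis stream task
    if args.get("state", "present") == "absent":
        return []  # assumption: stream deletions are out of scope
    findings = []
    state = args.get("encryption_state")
    etype = args.get("encryption_type")
    if state is None:
        findings.append("encryption_state is not set")
    elif str(state).lower() != "enabled":
        findings.append("encryption_state is not 'enabled'")
    if etype is None:
        findings.append("encryption_type is not set")
    elif str(etype).upper() != "KMS":
        findings.append("encryption_type is not 'KMS'")
    if not args.get("key_id"):
        findings.append("key_id is not set")
    return findings


def make_task(**overrides):
    """Build a constructed task mirroring the page's test-stream samples."""
    args = {"name": "test-stream", "state": "present", "shards": 1}
    args.update(overrides)
    return {"name": "sample", "community.aws.kinesis_stream": args}


KEY = "alias/aws/kinesis"
# Constructed inputs: v1..v5 mirror the flagged samples, "ok" sets all three fields.
SAMPLES = {
    "v1": make_task(encryption_type="KMS", key_id=KEY),
    "v2": make_task(encryption_state="disabled", encryption_type="KMS", key_id=KEY),
    "v3": make_task(encryption_state="enabled", key_id=KEY),
    "v4": make_task(encryption_state="enabled", encryption_type="NONE", key_id=KEY),
    "v5": make_task(encryption_state="enabled", encryption_type="KMS"),
    "ok": make_task(encryption_state="enabled", encryption_type="KMS", key_id=KEY),
}

if __name__ == "__main__":
    for label, task in SAMPLES.items():
        print(label, kinesis_findings(task) or "compliant")
```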