EFS Without KMS
- Query id: 25d251f3-f348-4f95-845c-1090e41a615c
- Query name: EFS Without KMS
- Platform: Terraform
- Severity: High
- Category: Encryption
- URL: Github
Description¶
Amazon Elastic Filesystem should have filesystem encryption enabled using KMS CMK customer-managed keys instead of AWS managed-keys
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_efs_file_system" "positive1" {
creation_token = "my-product"
encrypted = true
tags = {
Name = "MyProduct"
}
}