SSM Session Transit Encryption Disabled
- Query id: ce60cc6b-6831-4bd7-84a2-cc7f8ee71433
- Query name: SSM Session Transit Encryption Disabled
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
SSM Session should be encrypted in transit
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_ssm_document" "positive1" {
name = "test_document"
document_type = "Session"
content = <<DOC
{
"schemaVersion": "1.2",
"description": "Check ip configuration of a Linux instance."
}
DOC
}
Positive test num. 2 - tf file
resource "aws_ssm_document" "positive2" {
name = "test_document"
document_type = "Session"
content = <<DOC
{
"schemaVersion": "1.2",
"description": "Check ip configuration of a Linux instance.",
"inputs": {
"s3EncryptionEnabled": true,
"cloudWatchEncryptionEnabled": true,
"cloudWatchStreamingEnabled": true,
"runAsEnabled": false
}
}
DOC
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_ssm_document" "negative" {
name = "test_document"
document_type = "Session"
content = <<DOC
{
"schemaVersion": "1.2",
"description": "Check ip configuration of a Linux instance.",
"inputs": {
"s3EncryptionEnabled": true,
"cloudWatchEncryptionEnabled": true,
"cloudWatchStreamingEnabled": true,
"runAsEnabled": false,
"kmsKeyId": "${var.kms_key_id}"
}
}
DOC
}