S3 Bucket Without Server-side-encryption

Query id: 594f54e7-f744-45ab-93e4-c6dbaf6cd571
Query name: S3 Bucket Without Server-side-encryption
Platform: Ansible
Severity: High
Category: Encryption
CWE: <a href="https://cwe.mitre.org/data/definitions/311.html" onclick="newWindowOpenerSafe(event, 'https://cwe.mitre.org/data/definitions/311.html')">311
URL: <a href="https://github.com/Checkmarx/kics/tree/master/assets/queries/ansible/aws/s3_bucket_without_server-side_encryption">Github

AWS S3 Storage should be protected with SSE (Server-Side Encryption)
Documentation

Positive test num. 1 - yaml file

- name: Create a simple s3 bucket
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    encryption: "none"

Negative test num. 1 - yaml file

- name: Create a simple s3 bucket v2
  amazon.aws.s3_bucket:
    name: mys3bucket
    state: present
    encryption: aws:kms