OSS Bucket Encryption Using CMK Disabled
- Query id: f20e97f9-4919-43f1-9be9-f203cd339cdd
- Query name: OSS Bucket Encryption Using CMK Disabled
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- CWE: 311
- URL: Github
Description¶
OSS Bucket should have encryption enabled using Customer Master Key
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_oss_bucket" "bucket_cmk_encryption2" {
bucket = "bucket-170309-sserule"
acl = "private"
server_side_encryption_rule {
sse_algorithm = "AES256"
}
}
Positive test num. 2 - tf file
resource "alicloud_oss_bucket" "bucket_cmk_encryption3" {
bucket = "bucket-170309-sserule"
acl = "private"
}