S3 Bucket Object Not Encrypted
- Query id: 5fb49a69-8d46-4495-a2f8-9c8c622b2b6e
- Query name: S3 Bucket Object Not Encrypted
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: 311
- URL: Github
Description
The aws_s3_bucket_object resource should set server_side_encryption so that the uploaded object is encrypted at rest in S3; without it, the object is stored unencrypted unless the bucket applies its own default encryption.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
  acl    = "private"

  versioning {
    enabled = true
  }

  object_lock_configuration {
    object_lock_enabled = "Enabled"
  }
}

resource "aws_s3_bucket_object" "examplebucket_object" {
  key    = "someobject"
  bucket = aws_s3_bucket.examplebucket.id
  source = "index.html"
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
  acl    = "private"

  versioning {
    enabled = true
  }

  object_lock_configuration {
    object_lock_enabled = "Enabled"
  }
}

resource "aws_s3_bucket_object" "examplebucket_object" {
  key                    = "someobject"
  bucket                 = aws_s3_bucket.examplebucket.id
  source                 = "index.html"
  server_side_encryption = "AES256"
}
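The following is an added example, not part of the KICS query or its documentation: a small standalone checker that applies the rule above to Terraform source text. It uses a minimal line-based reader of resource blocks (an assumption: real HCL is richer, and a production scanner such as KICS parses it properly) and flags any object resource whose top-level server_side_encryption argument is missing or holds an unexpected value. Besides aws_s3_bucket_object it also inspects aws_s3_object, the name the AWS provider later gave the same resource, and it accepts "aws:kms" alongside the page's "AES256", since those are the two values Terraform documents for that argument. The sample Terraform embedded in the block is constructed for the example and mirrors the positive and negative cases shown on this page.

```python
import re

# Constructed sample input: one flagged object (as in the positive test),
# one AES256 object (as in the negative test), and one aws:kms object.
SAMPLE_TF = '''
resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
  acl    = "private"

  versioning {
    enabled = true
  }
}

resource "aws_s3_bucket_object" "unencrypted_object" {
  key    = "someobject"
  bucket = aws_s3_bucket.examplebucket.id
  source = "index.html"
}

resource "aws_s3_bucket_object" "encrypted_object" {
  key                    = "someobject"
  bucket                 = aws_s3_bucket.examplebucket.id
  source                 = "index.html"
  server_side_encryption = "AES256"
}

resource "aws_s3_object" "kms_object" {
  key                    = "other"
  bucket                 = aws_s3_bucket.examplebucket.id
  server_side_encryption = "aws:kms"
}
'''

# Resource types this check applies to (aws_s3_object is the newer name).
OBJECT_RESOURCE_TYPES = {"aws_s3_bucket_object", "aws_s3_object"}
# Values Terraform documents for server_side_encryption.
ALLOWED_SSE = {"AES256", "aws:kms"}

RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{\s*$')
ATTR_RE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$')


def parse_resources(tf_text):
    """Return a list of (type, name, top_level_attrs) for each resource block.

    Minimal line-based HCL reader (assumption: simple, well-formatted files).
    Brace depth is tracked so that attributes inside nested blocks such as
    versioning { enabled = true } are not mistaken for top-level arguments.
    """
    resources = []
    current = None
    depth = 0
    for line in tf_text.splitlines():
        stripped = line.rstrip()
        if current is None:
            m = RESOURCE_RE.match(stripped)
            if m:
                current = (m.group(1), m.group(2), {})
                depth = 1
            continue
        opens = stripped.count("{")
        closes = stripped.count("}")
        if depth == 1:
            m = ATTR_RE.match(stripped)
            # Only plain scalar assignments at the top level of the block.
            if m and opens == 0:
                current[2][m.group(1)] = m.group(2).strip('"')
        depth += opens - closes
        if depth <= 0:
            resources.append(current)
            current = None
    return resources


def find_unencrypted_objects(tf_text):
    """Return [(resource_type, name, reason)] for object resources that fail the check."""
    findings = []
    for rtype, name, attrs in parse_resources(tf_text):
        if rtype not in OBJECT_RESOURCE_TYPES:
            continue
        sse = attrs.get("server_side_encryption")
        if sse is None:
            findings.append((rtype, name, "server_side_encryption is not set"))
        elif sse not in ALLOWED_SSE:
            findings.append((rtype, name, f"server_side_encryption has unexpected value {sse!r}"))
    return findings


if __name__ == "__main__":
    for rtype, name, reason in find_unencrypted_objects(SAMPLE_TF):
        print(f"[High] {rtype}.{name}: {reason}")
```

Running the block prints a single finding for aws_s3_bucket_object.unencrypted_object; the AES256 and aws:kms objects pass. Because the reader only inspects top-level arguments, a server_side_encryption value that is computed from a variable would be reported as an unexpected value rather than silently accepted, which is the conservative outcome for a static check.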