Kinesis Not Encrypted With KMS
- Query id: 862fe4bf-3eec-4767-a517-40f378886b88
- Query name: Kinesis Not Encrypted With KMS
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: 326
- URL: GitHub
Description
AWS Kinesis streams and their metadata should be encrypted with KMS.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
```terraform
# Flagged: encryption_type is not set
resource "aws_kinesis_stream" "positive1" {
  name             = "terraform-kinesis-test"
  shard_count      = 1
  retention_period = 48

  shard_level_metrics = [
    "IncomingBytes",
    "OutgoingBytes",
  ]

  tags = {
    Environment = "test"
  }
}

# Flagged: encryption_type is explicitly "NONE"
resource "aws_kinesis_stream" "positive2" {
  name             = "terraform-kinesis-test"
  shard_count      = 1
  retention_period = 48

  shard_level_metrics = [
    "IncomingBytes",
    "OutgoingBytes",
  ]

  tags = {
    Environment = "test"
  }

  encryption_type = "NONE"
}

# Flagged: encryption_type is "KMS" but no kms_key_id is given
resource "aws_kinesis_stream" "positive3" {
  name             = "terraform-kinesis-test"
  shard_count      = 1
  retention_period = 48

  shard_level_metrics = [
    "IncomingBytes",
    "OutgoingBytes",
  ]

  tags = {
    Environment = "test"
  }

  encryption_type = "KMS"
}
```
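The three flagged patterns above, expressed as a check over Terraform plan JSON so it can run in a pipeline before apply. This is an added example, not the KICS query's own code; the function names, the `module.ingest` stream and the sample plan are constructed for illustration, and the plan is assumed to follow the `planned_values` layout of `terraform show -json`.

```python
RESOURCE_TYPE = "aws_kinesis_stream"

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_stream(values):
    """Return why a stream would be flagged, or None if it is KMS-encrypted."""
    # Absent, null and empty values are all treated as "not set".
    enc = (values.get("encryption_type") or "").upper()
    if not enc:
        return "encryption_type is not set"
    if enc == "NONE":
        return "encryption_type is NONE"
    if enc == "KMS" and not values.get("kms_key_id"):
        return "encryption_type is KMS but kms_key_id is missing"
    return None

def find_unencrypted_streams(plan):
    """Map resource address -> reason for each flagged aws_kinesis_stream."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = {}
    for res in iter_resources(root):
        if res.get("type") == RESOURCE_TYPE:
            reason = check_stream(res.get("values") or {})
            if reason:
                findings[res["address"]] = reason
    return findings

def stream(address, **values):
    """Build one constructed plan resource entry for the sample below."""
    return {"address": address, "type": RESOURCE_TYPE, "values": values}

# Constructed sample in the shape of `terraform show -json` planned_values.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        stream("aws_kinesis_stream.positive1", name="terraform-kinesis-test"),
        stream("aws_kinesis_stream.positive2", encryption_type="NONE"),
        stream("aws_kinesis_stream.positive3", encryption_type="KMS", kms_key_id=None),
    ],
    "child_modules": [{"resources": [
        stream("module.ingest.aws_kinesis_stream.events",
               encryption_type="KMS", kms_key_id="alias/aws/kinesis"),
    ]}],
}}}

if __name__ == "__main__":
    for address, reason in find_unencrypted_streams(SAMPLE_PLAN).items():
        print(f"{address}: {reason}")
```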