aws-security-reference-architecture-examples icon indicating copy to clipboard operation
aws-security-reference-architecture-examples copied to clipboard

Published 20 hours ago verified publisher icon aws-samples

[FEATURE] Enabling Encryption with the SRA

Open tanhamza opened this issue 2 years ago • 0 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Is your feature request related to a problem? Please describe

  • Currently, SRA is using SSM parameters for non-sensitive data (e.g., Organization ID, Management Account ID). Having the SSM parameters encrypted, or an option during the deployment would be nice.

  • A Customer has a control that requires all SSM parameters to be encrypted by their CMK.

Describe the solution you'd like

  • Implement SSM parameters encrypted despite whether they have sensitive data. Preferably, provide an option for customer to provide the CMK to be used.

  • Also, ok with moving to Secrets Manager for encrypted secrets, if that is easier.

tanhamza avatar Jul 18 '22 17:07 tanhamza