terraform-aws-tfstate-backend
KMS encryption
KMS encryption as a default
From Bridgecrew:
Resource: aws_s3_bucket.default | ID: BC_AWS_GENERAL_56
https://github.com/cloudposse/terraform-aws-tfstate-backend/blob/7372db13785fdb9de50ec4812d82ffbb26e3e6d6/main.tf#L174-L180
Should be

```hcl
server_side_encryption_configuration {
  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = var.kms_master_key_id
      sse_algorithm     = "aws:kms"
    }
  }
}
```
where kms_master_key_id should be something like?

```hcl
variable "kms_master_key_id" {
  default = "alias/aws/s3"
}
```
or simply keep kms_master_key_id = "" and set a dynamic for apply_server_side_encryption_by_default
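
A way to check a plan for the condition this finding describes, added here as an example (it is not Bridgecrew's or the module's own code): it walks `terraform show -json` output and reports every `aws_s3_bucket` whose default encryption is not `aws:kms`. The sample plan is constructed, and the module name `tfstate_backend` and the buckets `logs` and `replica` are assumptions; it assumes the inline `server_side_encryption_configuration` block shown above.

```python
import json

# Constructed sample shaped like `terraform show -json` planned_values.
# Assumption: nested blocks are rendered as lists of objects.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "values": {"server_side_encryption_configuration": [{"rule": [
       {"apply_server_side_encryption_by_default": [{"sse_algorithm": "AES256"}]}]}]}}
  ],
  "child_modules": [{"address": "module.tfstate_backend", "resources": [
    {"address": "module.tfstate_backend.aws_s3_bucket.default", "type": "aws_s3_bucket",
     "values": {"server_side_encryption_configuration": [{"rule": [
       {"apply_server_side_encryption_by_default": [
         {"sse_algorithm": "aws:kms", "kms_master_key_id": "alias/aws/s3"}]}]}]}},
    {"address": "module.tfstate_backend.aws_s3_bucket.replica",
     "type": "aws_s3_bucket", "values": {}}
  ]}]
}}}
""")

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def default_sse_algorithm(bucket_values):
    """Return the bucket's default sse_algorithm, or None if no rule is set."""
    for cfg in bucket_values.get("server_side_encryption_configuration") or []:
        for rule in cfg.get("rule") or []:
            for default in rule.get("apply_server_side_encryption_by_default") or []:
                return default.get("sse_algorithm")
    return None

def buckets_without_kms(plan):
    """Map resource address -> reason for each bucket not defaulting to aws:kms."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_s3_bucket":
            continue
        algo = default_sse_algorithm(res.get("values") or {})
        if algo is None:
            findings[res["address"]] = "no default encryption rule"
        elif algo != "aws:kms":
            findings[res["address"]] = f"sse_algorithm is {algo}"
    return findings
```
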