Backup Vault is not encrypted at rest using KMS CMK

Description

Encrypting your data and resources with KMS helps protect your data from unauthorized access or tampering. By encrypting your data, you can ensure that only authorized users can access and decrypt the data, and that the data is protected while in storage or in transit. Such action can help protect against external threats such as hackers or malware, as well as internal threats such as accidental or unauthorized access.

Code Example

resource "aws_backup_vault" "backup_with_kms_key" {
    ...
  + kms_key_arn = aws_kms_key.example.arn
}

Remediation

Terraform

Resource: aws_backup_vault
Arguments: kms_key_arn

Rule Details

Field	Value
ID	IAC-0215
Severity	MEDIUM
IaC Type	Cloudformation
Frameworks	CloudFormation, Terraform, TerraformPlan, Serverless
Checkov ID	CKV_AWS_166

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Backup Vault is not encrypted at rest using KMS CMK

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Backup Vault is not encrypted at rest using KMS CMK ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Backup Vault is not encrypted at rest using KMS CMK

Description

Code Example

Remediation

Rule Details

References