
AWS Kinesis Video Stream not encrypted using Customer Managed Key

Description

This check ensures that a Kinesis Video Stream encrypts its contents with a customer managed key in AWS Key Management Service (KMS). To resolve, set the ARN of your KMS key on the stream, or link to the key resource, when the stream is created.

Code Example

```hcl
resource "aws_kinesis_video_stream" "default" {
  name                    = "terraform-kinesis-video-stream"
  data_retention_in_hours = 1
  device_name             = "kinesis-video-device-name"
  media_type              = "video/h264"
  # Fix: encrypt the stream with a customer managed KMS key
  kms_key_id              = "ckv_kms"
  tags = {
    Name = "terraform-kinesis-video-stream"
  }
}
```

Remediation

Terraform

  • Resource: aws_kinesis_video_stream
  • Attribute: kms_key_id - (Optional)

The ID of the AWS Key Management Service (AWS KMS) key that you want Kinesis Video Streams to use to encrypt stream data. If no key ID is specified, the default, Kinesis Video-managed key (aws/kinesisvideo) is used.
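The same rule can be applied to a plan file before apply. The following is an added example, not Checkov's own implementation: it reads the `configuration` section of `terraform show -json` output, because a key created in the same plan has no known value yet. The function names and sample plan are constructed, and treating an explicit reference to the default `aws/kinesisvideo` key as a failure is an assumption that goes beyond the check described here.

```python
import json

AWS_MANAGED_ALIAS = "aws/kinesisvideo"  # default key named on this page

def _streams(module, prefix=""):
    """Yield (address, expressions) for every stream in a module tree."""
    for res in module.get("resources", []):
        if res.get("type") == "aws_kinesis_video_stream":
            yield prefix + res["address"], res.get("expressions", {})
    for name, call in module.get("module_calls", {}).items():
        yield from _streams(call.get("module", {}), f"{prefix}module.{name}.")

def streams_without_cmk(plan):
    """Return addresses of streams whose config sets no customer managed key."""
    failing = []
    root = plan.get("configuration", {}).get("root_module", {})
    for address, expr in _streams(root):
        key = expr.get("kms_key_id")
        if key is None:
            failing.append(address)      # attribute omitted: default key is used
        elif key.get("references"):
            continue                     # linked to a resource or variable; accepted
        else:
            value = key.get("constant_value") or ""
            if not value or value.endswith(AWS_MANAGED_ALIAS):
                failing.append(address)  # empty, or the default key spelled out
    return failing

# Constructed sample in the shape of `terraform show -json` (configuration only).
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {
  "resources": [
    {"address": "aws_kinesis_video_stream.default", "type": "aws_kinesis_video_stream",
     "expressions": {"name": {"constant_value": "terraform-kinesis-video-stream"}}},
    {"address": "aws_kinesis_video_stream.linked", "type": "aws_kinesis_video_stream",
     "expressions": {"kms_key_id": {"references": ["aws_kms_key.video.arn"]}}},
    {"address": "aws_kinesis_video_stream.alias", "type": "aws_kinesis_video_stream",
     "expressions": {"kms_key_id": {"constant_value": "alias/aws/kinesisvideo"}}}],
  "module_calls": {"cams": {"module": {"resources": [
    {"address": "aws_kinesis_video_stream.lobby", "type": "aws_kinesis_video_stream",
     "expressions": {"kms_key_id": {"constant_value": "ckv_kms"}}}]}}}}}}
""")

if __name__ == "__main__":
    for address in streams_without_cmk(SAMPLE_PLAN):
        print("FAIL", address)
```

A `kms_key_id` that references a variable is accepted without being resolved, so review variable defaults separately.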

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0226 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_177 |

References