AWS Image Builder component not encrypted using Customer Managed Key
Description
This check verifies that an AWS Image Builder component uses an AWS Key Management Service (KMS) key to encrypt its contents. To resolve a finding, set the ARN of your KMS key, or a reference to it, when you create the component.
Code Example
```hcl
resource "aws_imagebuilder_component" "example" {
  data = yamlencode({
    phases = [{
      name = "build"
      steps = [{
        action = "ExecuteBash"
        inputs = {
          commands = ["echo 'hello world'"]
        }
        name      = "example"
        onFailure = "Continue"
      }]
    }]
    schemaVersion = 1.0
  })
  name     = "example"
  platform = "Linux"
  version  = "1.0.0"
  # Placeholder value; set this to the ARN of the KMS key that encrypts the component.
  kms_key_id = "ckv_kms"
}
```
Remediation
Terraform
- Resource: aws_imagebuilder_component
- Attribute: kms_key_id - (Optional) Amazon Resource Name (ARN) of the Key Management Service (KMS) Key used to encrypt the component.
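The same condition can be checked against a Terraform plan before apply. The following is an added example, not Checkov's own implementation and not code from the original page: it reads plan JSON in the shape produced by `terraform show -json` and reports components planned without `kms_key_id`. The function name, the sample addresses and the sample ARN are constructed for illustration.

```python
import json

RESOURCE_TYPE = "aws_imagebuilder_component"

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_imagebuilder_component.no_key", "type": "aws_imagebuilder_component",
   "change": {"actions": ["create"], "after": {"name": "a", "kms_key_id": null},
              "after_unknown": {"arn": true}}},
  {"address": "aws_imagebuilder_component.literal_arn", "type": "aws_imagebuilder_component",
   "change": {"actions": ["create"], "after_unknown": {"arn": true},
              "after": {"name": "b",
                        "kms_key_id": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}},
  {"address": "module.images.aws_imagebuilder_component.new_key",
   "type": "aws_imagebuilder_component",
   "change": {"actions": ["create"], "after": {"name": "c"},
              "after_unknown": {"arn": true, "kms_key_id": true}}},
  {"address": "aws_imagebuilder_component.retired", "type": "aws_imagebuilder_component",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
   "change": {"actions": ["create"], "after": {"bucket": "logs"}, "after_unknown": {}}}
]}
""")


def unencrypted_components(plan):
    """Return addresses of Image Builder components planned without a KMS key."""
    failing = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing left to check
            continue
        unknown = change.get("after_unknown") or {}
        # The key is set but its value is only known after apply, e.g. it
        # references an aws_kms_key created in the same plan.
        if unknown.get("kms_key_id") is True:
            continue
        if not after.get("kms_key_id"):  # missing, null or empty string
            failing.append(rc["address"])
    return failing


if __name__ == "__main__":
    for address in unencrypted_components(SAMPLE_PLAN):
        print(f"FAIL {address}: kms_key_id not set")
```

Like the rule itself, this only confirms that `kms_key_id` is set; it does not inspect the key the ARN points to.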
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0229 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_180 |