AWS EBS Snapshot Copy not encrypted using Customer Managed Key

Description

This is a simple check to ensure that the EBS Snapshot copy is using AWS key management - KMS to encrypt its contents. To resolve add the ARN of your KMS or link on creation of the snapshot.

Code Example

resource "aws_ebs_snapshot_copy" "example_copy" {
  source_snapshot_id = aws_ebs_snapshot.example_snapshot.id
  source_region      = "us-west-2"
  + kms_key_id           = "ckv_kms"
  tags = {
    Name = "HelloWorld_copy_snap"
  }
}

Remediation

Terraform

Resource: aws_ebs_snapshot_copy
Attribute: kms_key_id - The ARN for the KMS encryption key.

Rule Details

Field	Value
ID	IAC-0232
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform, TerraformPlan
Checkov ID	CKV_AWS_183

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS EBS Snapshot Copy not encrypted using Customer Managed Key

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS EBS Snapshot Copy not encrypted using Customer Managed Key ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS EBS Snapshot Copy not encrypted using Customer Managed Key

Description

Code Example

Remediation

Rule Details

References