AWS Kinesis Firehose's delivery stream is not encrypted
Description
As a best practice, enable server-side encryption on your AWS Kinesis Firehose delivery stream to improve data security without making changes to your business or applications.
Code Example
```hcl
resource "aws_kinesis_firehose_delivery_stream" "pass" {
  name        = "terraform-kinesis-firehose-test-stream"
  destination = "s3"

  s3_configuration {
    role_arn   = aws_iam_role.firehose_role.arn
    bucket_arn = aws_s3_bucket.bucket.arn
  }

  server_side_encryption {
    enabled = true # default is false
  }

  tags = {
    test = "failed"
  }
}
```
Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0288 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_AWS_240 |
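
The same condition can be checked against the JSON form of a Terraform plan (`terraform show -json`), where the `server_side_encryption` block appears as a list of objects. This is an added example, not code from this page or from Checkov; the plan document is constructed and the function names `iter_resources` and `unencrypted_streams` are hypothetical.

```python
import json

RESOURCE_TYPE = "aws_kinesis_firehose_delivery_stream"

# Constructed sample in the shape of `terraform show -json <planfile>` output;
# the resource addresses are made up for this example.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_kinesis_firehose_delivery_stream.pass",
     "type": "aws_kinesis_firehose_delivery_stream",
     "values": {"server_side_encryption": [{"enabled": true}]}},
    {"address": "aws_kinesis_firehose_delivery_stream.off",
     "type": "aws_kinesis_firehose_delivery_stream",
     "values": {"server_side_encryption": [{"enabled": false}]}},
    {"address": "aws_s3_bucket.bucket", "type": "aws_s3_bucket", "values": {}}],
  "child_modules": [{"resources": [
    {"address": "module.logs.aws_kinesis_firehose_delivery_stream.missing",
     "type": "aws_kinesis_firehose_delivery_stream",
     "values": {"server_side_encryption": []}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def unencrypted_streams(plan):
    """Return addresses of Firehose streams whose SSE block is absent or disabled."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != RESOURCE_TYPE:
            continue
        # A nested block is a list of objects; an omitted block is empty or null,
        # and `enabled` defaults to false when not set.
        blocks = res.get("values", {}).get("server_side_encryption") or []
        if not any(block.get("enabled") is True for block in blocks):
            findings.append(res["address"])
    return sorted(findings)


if __name__ == "__main__":
    for address in unencrypted_streams(SAMPLE_PLAN):
        print(f"FAIL {address}: server_side_encryption is not enabled")
```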