AWS RDS Cluster activity streams are not encrypted by Key Management Service (KMS) using Customer Managed Keys (CMKs)

Description

This policy identifies RDS Cluster activity streams which are encrypted with default KMS keys and not with Keys managed by Customer. It is a best practice to use customer managed KMS Keys to encrypt your RDS Cluster activity streams data. It gives you full control over the encrypted data.

Code Example

resource "aws_rds_cluster_activity_stream" "pass" {
  resource_arn = aws_rds_cluster.default.arn
  mode         = "async"
  kms_key_id   = aws_kms_key.default.key_id

  depends_on = [aws_rds_cluster_instance.default]
}

Remediation

Terraform

Resource: aws_rds_cluster_activity_stream
Arguments: kms_key_id

Rule Details

Field	Value
ID	IAC-0294
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_AWS_246

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

AWS RDS Cluster activity streams are not encrypted by Key Management Service (KMS) using Customer Managed Keys (CMKs)

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

AWS RDS Cluster activity streams are not encrypted by Key Management Service (KMS) using Customer Managed Keys (CMKs) ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

AWS RDS Cluster activity streams are not encrypted by Key Management Service (KMS) using Customer Managed Keys (CMKs)

Description

Code Example

Remediation

Rule Details

References