TLS not enforced in SES configuration set
Description
This policy checks whether an AWS Simple Email Service (SES) configuration set enforces Transport Layer Security (TLS) for email delivery. TLS safeguards the confidentiality and integrity of email in transit; without enforcement, messages can be exposed to interception and manipulation.
Code Example
```hcl
resource "aws_ses_configuration_set" "example" {
  ...
  delivery_options {
    tls_policy = "Require"
  }
}
```
Remediation
Terraform
- Resource: aws_ses_configuration_set
- Arguments: delivery_options.tls_policy
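To fix this issue, set delivery_options.tls_policy to "Require" on each aws_ses_configuration_set so that SES delivers messages only over a TLS connection. With the other accepted value, "Optional", delivery can proceed without TLS when a TLS connection cannot be established.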
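The same check can be run against Terraform plan JSON (the TerraformPlan framework listed below). This is an added example, not Checkov's implementation or code from this page; the sample plan is constructed and the function names are hypothetical.

```python
# Constructed sample shaped like `terraform show -json` output (not from the page).
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_ses_configuration_set.enforced",
             "type": "aws_ses_configuration_set",
             "values": {"name": "enforced",
                        "delivery_options": [{"tls_policy": "Require"}]}},
            {"address": "aws_ses_configuration_set.optional",
             "type": "aws_ses_configuration_set",
             "values": {"name": "optional",
                        "delivery_options": [{"tls_policy": "Optional"}]}},
            {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
             "values": {"bucket": "logs"}},
        ],
        "child_modules": [{"address": "module.mail", "resources": [
            # No delivery_options block at all: the plan carries an empty list.
            {"address": "module.mail.aws_ses_configuration_set.no_block",
             "type": "aws_ses_configuration_set",
             "values": {"name": "no-block", "delivery_options": []}},
        ]}],
    }}
}


def iter_resources(module):
    """Yield resources from a module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def ses_sets_without_required_tls(plan):
    """Return addresses of SES configuration sets that do not enforce TLS."""
    root = plan.get("planned_values", {}).get("root_module", {})
    failing = []
    for res in iter_resources(root):
        if res.get("type") != "aws_ses_configuration_set":
            continue
        blocks = (res.get("values") or {}).get("delivery_options") or []
        # A missing block or any value other than "Require" fails the check.
        if not any(b.get("tls_policy") == "Require" for b in blocks):
            failing.append(res["address"])
    return sorted(failing)


if __name__ == "__main__":
    print(ses_sets_without_required_tls(SAMPLE_PLAN))
```

A resource with no delivery_options block fails as well as one set to "Optional", so resources inside child modules must be walked too.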
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0412 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_365 |