
Ensure storage bucket is encrypted.

Description

This policy checks whether server-side encryption is enabled for object storage buckets by default. Server-side encryption protects data at rest from unauthorized access, ensuring confidentiality and integrity. Enabling encryption by default for storage buckets is crucial to prevent data breaches. If encryption is not enabled, sensitive data may be exposed to unauthorized parties.

Code Example

```terraform
resource "yandex_storage_bucket" "example" {
  bucket = "example-bucket"

  # Encrypt every object written to the bucket unless the request says otherwise.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        # The Yandex provider only accepts "aws:kms" here; the key is a Yandex KMS symmetric key.
        sse_algorithm     = "aws:kms"
        kms_master_key_id = "your-kms-master-key-id"
      }
    }
  }
}
```

Remediation

Enable server-side encryption by default for the storage bucket using a KMS master key.
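The following is an added example, not the page's or Checkov's own code: a minimal scanner that applies this check (IAC-1336 / CKV_YC_3) to Terraform resource configurations. It assumes the dict shape that HCL parsers such as python-hcl2 produce, where every attribute value is wrapped in a list; both sample buckets and the KMS key id are constructed placeholders.

```python
# Constructed sample: bucket with no encryption block (non-compliant).
UNENCRYPTED_BUCKET = {"bucket": ["logs-bucket"]}

# Constructed sample: encryption by default with a KMS key (compliant).
ENCRYPTED_BUCKET = {
    "bucket": ["backups-bucket"],
    "server_side_encryption_configuration": [{
        "rule": [{
            "apply_server_side_encryption_by_default": [{
                "sse_algorithm": ["aws:kms"],
                "kms_master_key_id": ["EXAMPLE-KMS-KEY-ID"],  # placeholder id
            }]
        }]
    }],
}

def _first(value):
    """Unwrap the one-element list that HCL parsers emit per value."""
    if isinstance(value, list):
        return value[0] if value else None
    return value

def bucket_is_encrypted(conf: dict) -> bool:
    """True when a yandex_storage_bucket config enables server-side
    encryption by default with a non-empty KMS master key id."""
    node = conf
    for key in ("server_side_encryption_configuration", "rule",
                "apply_server_side_encryption_by_default"):
        node = _first(node.get(key)) if isinstance(node, dict) else None
        if not isinstance(node, dict):
            return False  # block missing or malformed
    # A missing or empty key id is as bad as no encryption block at all.
    return bool(_first(node.get("kms_master_key_id")))

def scan(resources: dict) -> dict:
    """Map 'type.name' -> 'PASSED'/'FAILED' for each bucket resource;
    other resource types are not subject to this check and are skipped."""
    return {
        f"{rtype}.{name}": "PASSED" if bucket_is_encrypted(conf) else "FAILED"
        for (rtype, name), conf in resources.items()
        if rtype == "yandex_storage_bucket"
    }

if __name__ == "__main__":
    report = scan({("yandex_storage_bucket", "logs"): UNENCRYPTED_BUCKET,
                   ("yandex_storage_bucket", "backups"): ENCRYPTED_BUCKET})
    for address, status in report.items():
        print(f"CKV_YC_3 {status}: {address}")
```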

Rule Details

| Field | Value |
|---|---|
| ID | IAC-1336 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | yandex_storage_bucket |
| Checkov ID | CKV_YC_3 |

References