Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(terraform): Amazon RDS uses an AWS KMS key by default #5014

Closed
nikpivkin opened this issue Aug 18, 2023 · 0 comments · Fixed by aquasecurity/trivy-checks#29
Closed

fix(terraform): Amazon RDS uses an AWS KMS key by default #5014

nikpivkin opened this issue Aug 18, 2023 · 0 comments · Fixed by aquasecurity/trivy-checks#29
Assignees
@nikpivkin
Labels
scan/misconfiguration Issues relating to misconfiguration scanning
Milestone
v0.48.0

Comments

@nikpivkin
Copy link
Contributor

Source: https://github.com/aquasecurity/tfsec/issues/2086

Amazon RDS uses the AWS managed key for new DB instance. Therefore, we need to improve the rule, and if Performance Insights is enabled, but the KMS key is not specified, then warn the user that he is not using the client key, and not say that performance insights is enabled without protection.

We can create 2 rules instead of 1. One to verify that Performance Insights is enabled and the second to verify the use of the client key. For example, how it is implemented to verify the EC2 volume encryption:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nikpivkin nikpivkin

Labels
scan/misconfiguration Issues relating to misconfiguration scanning
Projects
Trivy Roadmap
Archived in project
Milestone
v0.48.0
Development

Successfully merging a pull request may close this issue.

fix(rule): restate the AVD-AWS-0078 rule nikpivkin/trivy-checks
2 participants
@simar7 @nikpivkin