Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KMS encryption #105

Closed
nitrocode opened this issue Nov 4, 2021 · 1 comment · Fixed by #178
Closed

KMS encryption #105

nitrocode opened this issue Nov 4, 2021 · 1 comment · Fixed by #178
Labels
wontfix This will not be worked on

Comments

@nitrocode
Copy link
Member

nitrocode commented Nov 4, 2021
edited
Loading

KMS encryption as a default

From bridgecrew

     Resource: aws_s3_bucket.default | ID: BC_AWS_GENERAL_56

terraform-aws-tfstate-backend/main.tf

Lines 174 to 180 in 7372db1

server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
sse_algorithm = "AES256"
}
}
}

Should be

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = var.kms_master_key_id
        sse_algorithm     = "aws:kms"
      }
    }
  }

where kms_master_key_id should be something like ?

variable "kms_master_key_id" {
  default = "alias/aws/s3"
}

or simply keep kms_master_key_id = "" and set a dynamic for apply_server_side_encryption_by_default
@nitrocode nitrocode mentioned this issue Nov 4, 2021
Merged
@Nuru Nuru added the wontfix This will not be worked on label Apr 23, 2023
@Nuru
Copy link
Contributor

Nuru commented Apr 23, 2023

We may add support for KMS encryption in the future, but we will not make it the default.

@Nuru Nuru closed this as completed Apr 23, 2023
pazaan pushed a commit to pazaan/terraform-aws-tfstate-backend that referenced this issue Jul 4, 2024
Add the ability to use KMS encyption through the addition of the
53b8270 
`sse_encryption` and `kms_master_key_id` variables.

* Fixes cloudposse#105
pazaan pushed a commit to pazaan/terraform-aws-tfstate-backend that referenced this issue Jul 4, 2024
Add ability to use KMS encryption
7fac6a6 
Add the ability to use KMS encyption through the addition of the
`sse_encryption` and `kms_master_key_id` variables.

* Fixes cloudposse#105

Clean up documentation
pazaan pushed a commit to pazaan/terraform-aws-tfstate-backend that referenced this issue Jul 4, 2024
Add ability to use KMS encryption
e372d46 
Add the ability to use KMS encyption through the addition of the
`sse_encryption` and `kms_master_key_id` variables.

* Fixes cloudposse#105
@pazaan pazaan mentioned this issue Jul 4, 2024
Merged
Gowiem added a commit that referenced this issue Jul 4, 2024
@pazaan @Gowiem
Add ability to use KMS encryption (#178)
01232bd 
Add the ability to use KMS encyption through the addition of the
`sse_encryption` and `kms_master_key_id` variables.

* Fixes #105

Co-authored-by: Lennart Goedhart <lgoedhart-ic@akiliinteractive.com>
Co-authored-by: Matt Gowie <gowie.matt@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add ability to use KMS encryption pazaan/terraform-aws-tfstate-backend
2 participants
@Nuru @nitrocode