terraform.aws.security.aws-fsx-lustre-files-ystem.aws-fsx-lustre-filesystem-encrypted-with-cmk

profile photo of semgrepsemgrep
Author
unknown
Download Count*
LGPL Commons Clause
License

Ensure FSX Lustre file system is encrypted at rest using KMS CMKs. CMKs gives you control over the encryption key in terms of access and rotation.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit RuleView Source
Open in Playground 
rules:
  - id: aws-fsx-lustre-filesystem-encrypted-with-cmk
    patterns:
      - pattern: |
          resource "aws_fsx_lustre_file_system" $ANYTHING {
            ...
          }
      - pattern-not-inside: |
          resource "aws_fsx_lustre_file_system" $ANYTHING {
            ...
            kms_key_id = ...
            ...
          }
      - pattern-regex: (^aws_kms_key\.(.*))
    message: Ensure FSX Lustre file system is encrypted at rest using KMS CMKs. CMKs
      gives you control over the encryption key in terms of access and rotation.
    metadata:
      category: security
      technology:
        - terraform
        - aws
      owasp:
        - A01:2021 - Broken Access Control
      cwe:
        - "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
      references:
        - https://owasp.org/Top10/A01_2021-Broken_Access_Control
      cwe2021-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: LOW
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Mishandled Sensitive Information
    languages:
      - hcl
    severity: WARNING