Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_kinesis_firehose_delivery_stream resources should have server_side_encryption enabled by default #20

Open
scott-maclure-phx opened this issue Jan 8, 2023 · 0 comments
Open

aws_kinesis_firehose_delivery_stream resources should have server_side_encryption enabled by default #20

scott-maclure-phx opened this issue Jan 8, 2023 · 0 comments

Comments

@scott-maclure-phx
Copy link

scott-maclure-phx commented Jan 8, 2023
edited
Loading

Why? Because compliance/config policy sets will pick up on encryption at rest violations.

See https://github.com/SumoLogic/terraform-sumologic-sumo-logic-integrations/blob/master/aws/kinesisfirehoseformetrics/kinesisfirehoseformetrics.tf#L97

And https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kinesis_firehose_delivery_stream#server_side_encryption

Could be AWS managed key (default) or a CMK (pass the ARN into the module as an argument)?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@scott-maclure-phx