SSM session is not using KMS to encrypt data between client and EC2 instance
Affecting SSM service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Keys and Secrets / Access

Frameworks: CIS-Controls, CSA-CCM, NIST-800-53
  • Snyk ID: SNYK-CC-00261
  • Credit: Snyk Research Team

Description

Data transferred between the client and the EC2 instance is protected by TLS encryption only, and that TLS connection may be brokered by proxies. Use KMS to add an additional layer of protection.

How to fix?

Set Properties.Content.inputs.kmsKeyId to a valid KMS key.
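
A static check for this setting, as an added example (not Snyk's rule code): it scans a CloudFormation template, passed as a parsed dict, for AWS::SSM::Document resources of DocumentType Session whose Properties.Content.inputs.kmsKeyId is missing or empty. The function names, logical IDs and sample template are assumptions constructed here.

```python
import json

def session_docs_without_kms(template):
    """Return logical IDs of Session documents with no Content.inputs.kmsKeyId."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::SSM::Document":
            continue
        props = resource.get("Properties", {})
        if props.get("DocumentType") != "Session":
            continue  # only Session documents carry the kmsKeyId input
        content = props.get("Content", {})
        if isinstance(content, str):  # Content may be embedded as a JSON string
            try:
                content = json.loads(content)
            except json.JSONDecodeError:
                content = {}  # unparseable content cannot show that a key is set
        inputs = content.get("inputs") if isinstance(content, dict) else None
        key = inputs.get("kmsKeyId") if isinstance(inputs, dict) else None
        if isinstance(key, str):
            key = key.strip()
        # A non-empty string or an intrinsic such as {"Ref": ...} counts as set.
        if not key:
            findings.append(logical_id)
    return findings

def session_doc(content):
    """Hypothetical helper: wrap content in a Session document resource."""
    return {"Type": "AWS::SSM::Document",
            "Properties": {"DocumentType": "Session", "Content": content}}

# Constructed sample template; logical IDs and the alias are placeholders.
SAMPLE_TEMPLATE = {"Resources": {
    "SessionKey": {"Type": "AWS::KMS::Key", "Properties": {}},
    "PrefsEmptyKey": session_doc({"schemaVersion": "1.0",
                                  "sessionType": "Standard_Stream",
                                  "inputs": {"kmsKeyId": ""}}),
    "PrefsNoInputs": session_doc('{"schemaVersion": "1.0", "sessionType": "Standard_Stream"}'),
    "PrefsWithRef": session_doc({"schemaVersion": "1.0",
                                 "sessionType": "Standard_Stream",
                                 "inputs": {"kmsKeyId": {"Ref": "SessionKey"}}}),
    "PrefsWithAlias": session_doc('{"inputs": {"kmsKeyId": "alias/example-session-key"}}'),
}}

if __name__ == "__main__":
    for name in session_docs_without_kms(SAMPLE_TEMPLATE):
        print(f"{name}: Properties.Content.inputs.kmsKeyId is not set")
```

Content supplied as a YAML string is not parsed by this check and is reported as a finding, so convert it to JSON or an object before scanning.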

Terraform