Amazon FSx for Windows file systems are not encrypted using a customer-managed KMS key
Affecting FSx service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Data / Encryption at Rest

  • Snyk ID: SNYK-CC-00730
  • Credit: Snyk Research Team

Description

Although FSx for Windows file systems are encrypted by default with AWS-managed keys, customer-managed keys provide full control over access and administration policies and over key rotation, which may help meet compliance and security requirements.

How to fix?

Set the kms_key_id attribute in the aws_fsx_windows_file_system resource to a valid KMS key ARN.

Example Configuration

resource "aws_fsx_windows_file_system" "allow1" {
  active_directory_id = aws_directory_service_directory.rule-730.id
  subnet_ids          = [data.aws_subnet.subnet-1.id]
  throughput_capacity = 1024
  kms_key_id          = data.aws_kms_key.custom_key.arn
  storage_capacity    = 1200
}
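
The check this rule describes can be run against the output of `terraform show -json` before apply. The following is an added example, not Snyk's rule implementation or code from the original page: it reads the plan's configuration section, so it reports what the author wrote for kms_key_id, and it also walks child modules. The sample plan and the names deny1, deny2 and module "files" are constructed for illustration.

```python
RESOURCE_TYPE = "aws_fsx_windows_file_system"

def _walk_modules(module, prefix=""):
    """Yield (full address, resource config) for a module and its children."""
    for res in module.get("resources", []):
        yield prefix + res["address"], res
    for name, call in module.get("module_calls", {}).items():
        yield from _walk_modules(call.get("module", {}), f"{prefix}module.{name}.")

def fsx_without_cmk(plan):
    """Return addresses of FSx for Windows resources whose configuration
    leaves kms_key_id unset (absent, or a null/empty constant)."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for address, res in _walk_modules(root):
        if res.get("mode") != "managed" or res.get("type") != RESOURCE_TYPE:
            continue
        expr = res.get("expressions", {}).get("kms_key_id")
        # A reference (data source, resource, variable) counts as set;
        # a constant must be a non-empty string.
        if expr is None or ("references" not in expr
                            and not expr.get("constant_value")):
            findings.append(address)
    return sorted(findings)

def _fsx(name, expressions):
    """Build a constructed configuration entry for the sample plan."""
    return {"address": f"{RESOURCE_TYPE}.{name}", "mode": "managed",
            "type": RESOURCE_TYPE, "name": name, "expressions": expressions}

# Constructed sample in the shape of `terraform show -json <planfile>`.
SAMPLE_PLAN = {"configuration": {"root_module": {
    "resources": [
        _fsx("allow1", {"kms_key_id": {"references": [
            "data.aws_kms_key.custom_key.arn", "data.aws_kms_key.custom_key"]}}),
        _fsx("deny1", {"storage_capacity": {"constant_value": 1200}}),
    ],
    "module_calls": {"files": {"module": {"resources": [
        _fsx("deny2", {"kms_key_id": {"constant_value": ""}}),
    ]}}},
}}}

if __name__ == "__main__":
    for addr in fsx_without_cmk(SAMPLE_PLAN):
        print(f"{addr}: kms_key_id not set, AWS-managed key will be used")
```

A reference that resolves to an AWS-managed key still passes this check, because the configuration section only shows that an expression is present, not which key it resolves to.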