Mods

turbot/alicloud_compliance

GitHub
Overview
1Dashboards
78Controls
40Queries
0Variables
GitHub
Loading controls...
On This Page
Description
Remediation
Usage
SQL
Tags
Get Involved
Edit on GitHub
Discuss on Slack

Control: 5.8 Ensure server-side encryption is set to 'Encrypt with Service Key'

Description

Enable server-side encryption (Encrypt with Service Key) for objects.

Remediation

From Console

Perform the following to configure the OSS bucket to use SSE-KMS:

  1. Logon to OSS console.
  2. In the bucket-list pane, click on the target OSS bucket.
  3. Click Basic Setting in top middle of the console.
  4. Under the Server-side Encryption section, click on Configure.
  5. Click KMS and select KMS service key(alias/acs/oss).

Usage

Run the control in your terminal:

steampipe check alicloud_compliance.control.cis_v100_5_8

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share alicloud_compliance.control.cis_v100_5_8

SQL

This control uses a named query:

oss_bucket_encrypted_with_servcie_key

Tags

category = Compliance
cis = true
cis_item_id = 5.8
cis_level = 2
cis_section_id = 5
cis_type = manual
cis_version = v1.0.0
plugin = alicloud
service = AliCloud/OSS