turbot/alicloud_compliance

GitHub
Loading controls...

Control: 5.9 Ensure server-side encryption is set to 'Encrypt with BYOK'

Description

Enable server-side encryption (Encrypt with Service Key) for objects.

Remediation

From Console

Perform the following to configure the OSS bucket to use SSE-KMS:

  1. Logon to OSS console.
  2. In the bucket-list pane, click on the target OSS bucket.
  3. Click Basic Setting in top middle of the console.
  4. Under the Server-side Encryption section, click on Configure.
  5. Click KMS and select KMS service key(alias/acs/oss).

Usage

Run the control in your terminal:

steampipe check alicloud_compliance.control.cis_v100_5_9

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share alicloud_compliance.control.cis_v100_5_9

SQL

This control uses a named query:

oss_bucket_encrypted_with_byok

Tags