turbot/alicloud_compliance

Control: 5.9 Ensure server-side encryption is set to 'Encrypt with BYOK'

Description

Enable server-side encryption (Encrypt with Service Key) for objects.

Remediation

From Console

Perform the following to configure the OSS bucket to use SSE-KMS:

  1. Logon to OSS console.
  2. In the bucket-list pane, click on the target OSS bucket.
  3. Click Basic Setting in top middle of the console.
  4. Under the Server-side Encryption section, click on Configure.
  5. Click KMS and select KMS service key(alias/acs/oss).

Usage

steampipe check alicloud_compliance.control.cis_v100_5_9

SQL

This control uses a named query:

oss_bucket_encrypted_with_byok

Tags