Session Manager data is not encrypted in transit
Description
This policy identifies AWS RDS DB (Relational Database Service Database) cluster snapshots that are not encrypted. It is highly recommended to implement encryption at rest when you are working with production data that contains sensitive information, to protect it from unauthorized access.
Fix - Buildtime
Terraform
- Resource: aws_ssm_document
- Argument: kmsKeyId
```go aws_ssm_document.test.tf
resource "aws_ssm_document" "enabled" {
  name          = "SSM-SessionManagerRunShell"
  document_type = "Session"

  content = <<DOC
{
...
"inputs": {
...
"s3EncryptionEnabled": true,
+ "kmsKeyId": "${var.kms_key_id}",
"runAsEnabled": false,
...
}
}
}
DOC
}
```
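A check for the setting shown above, added here as an example and not taken from this page or from any scanner's own code: it parses the JSON body of a Session document and reports when `inputs.kmsKeyId` is absent, empty, or not a string. The function names, the document names other than `SSM-SessionManagerRunShell`, and the key ARN are constructed for illustration.

```python
import json


def check_session_document(content: str) -> list[str]:
    """Return findings for one Session document body (JSON text)."""
    try:
        doc = json.loads(content)
    except json.JSONDecodeError as exc:
        return [f"content is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    inputs = doc.get("inputs")
    if not isinstance(inputs, dict):
        return ["no 'inputs' object, so kmsKeyId cannot be set"]
    key = inputs.get("kmsKeyId")
    # An empty string is the unset state for this input, so treat it as missing.
    if not isinstance(key, str) or not key.strip():
        return ["inputs.kmsKeyId is missing or empty"]
    return []


def scan(documents: dict[str, str]) -> dict[str, list[str]]:
    """Map document name -> findings, keeping only documents that fail."""
    results = {name: check_session_document(body) for name, body in documents.items()}
    return {name: findings for name, findings in results.items() if findings}


# Constructed sample documents; the key ARN is a placeholder, not a real key.
SAMPLES = {
    "SSM-SessionManagerRunShell": json.dumps({
        "schemaVersion": "1.0",
        "sessionType": "Standard_Stream",
        "inputs": {
            "s3EncryptionEnabled": True,
            "kmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID",
            "runAsEnabled": False,
        },
    }),
    "no-key": json.dumps({"inputs": {"s3EncryptionEnabled": True, "runAsEnabled": False}}),
    "empty-key": json.dumps({"inputs": {"kmsKeyId": "  "}}),
    "no-inputs": json.dumps({"schemaVersion": "1.0"}),
    "broken": "{ not json",
}

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"FAILED {name}: {'; '.join(findings)}")
```

The check reads the rendered JSON, so run it after Terraform has substituted `${var.kms_key_id}`; an unresolved variable that renders to an empty string is reported as missing.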