turbot/alicloud_compliance

Control: 5.9 Ensure server-side encryption is set to 'Encrypt with BYOK'

Description

Enable server-side encryption (Encrypt with Service Key) for objects.

Remediation

From Console

Perform the following to configure the OSS bucket to use SSE-KMS:

  1. Log on to the OSS console.
  2. In the bucket-list pane, click on the target OSS bucket.
  3. Click Basic Setting in the top middle of the console.
  4. Under the Server-side Encryption section, click on Configure.
  5. Click KMS and select the KMS service key (alias/acs/oss).
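
To confirm the result of these steps outside the console, the following added example (not part of the mod or of the named query) classifies a bucket's default encryption rule from the XML body that the OSS GetBucketEncryption API returns. The function names and the sample responses are constructed for illustration; which modes count as passing is left as a parameter, because the control title names BYOK while the steps above select the service key.

```python
import xml.etree.ElementTree as ET

# Constructed sample bodies in the shape of an OSS GetBucketEncryption response.
SERVICE_KEY = """<ServerSideEncryptionRule>
  <ApplyServerSideEncryptionByDefault>
    <SSEAlgorithm>KMS</SSEAlgorithm>
    <KMSMasterKeyID></KMSMasterKeyID>
  </ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>"""
BYOK = SERVICE_KEY.replace("<KMSMasterKeyID>", "<KMSMasterKeyID>constructed-cmk-id-0001")
OSS_MANAGED = SERVICE_KEY.replace(">KMS<", ">AES256<")


def classify_encryption(xml_text):
    """Return 'none', 'oss-managed', 'kms-service-key', 'kms-byok' or 'unknown'."""
    if not xml_text or not xml_text.strip():
        return "none"  # no default encryption rule on the bucket
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return "unknown"  # never treat an unreadable response as compliant
    rule = root.find("ApplyServerSideEncryptionByDefault")
    if rule is None:
        return "none"
    algorithm = (rule.findtext("SSEAlgorithm") or "").strip()
    key_id = (rule.findtext("KMSMasterKeyID") or "").strip()
    if algorithm == "KMS":
        # An empty key ID means the OSS-managed service key (alias/acs/oss);
        # a populated key ID means a customer-specified key (BYOK).
        return "kms-byok" if key_id else "kms-service-key"
    if algorithm == "AES256":
        return "oss-managed"
    return "none" if not algorithm else "unknown"


def buckets_outside_policy(responses, accepted=("kms-byok",)):
    """responses maps bucket name -> response XML (or None if no rule is set).

    Assumption: by default only BYOK passes, following the control title.
    Add 'kms-service-key' to `accepted` to follow the remediation steps instead.
    """
    return sorted(name for name, body in responses.items()
                  if classify_encryption(body) not in accepted)


if __name__ == "__main__":
    sample = {"logs": BYOK, "assets": SERVICE_KEY, "scratch": None}
    print(buckets_outside_policy(sample))
```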

Usage

Run the control in your terminal:

powerpipe control run alicloud_compliance.control.cis_v100_5_9

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_5_9 --share

SQL

This control uses a named query:

oss_bucket_encrypted_with_byok

Tags