bridgecrewio / checkov

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
https://www.checkov.io/
Apache License 2.0

CloudFormation CKV_AWS_27 does not support SqsManagedSseEnabled property for encryption #5869

Open bakosa opened 6 months ago

bakosa commented 6 months ago

Describe the issue: CKV_AWS_27 should handle the SqsManagedSseEnabled property, not just KmsMasterKeyId.

Note: CKV_AWS_27 on the Terraform side of the house already does this: https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SQSQueueEncryption.py

Examples: this should also pass CKV_AWS_27.

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MySourceQueue:
    Type: AWS::SQS::Queue
    Properties:
      RedrivePolicy:
        deadLetterTargetArn: "example_arn"
        maxReceiveCount: 5
      SqsManagedSseEnabled: true

Version (please complete the following information):

Additional context: another thing to note is that AWS by default will now do SSE on all newly created SQS queues: https://aws.amazon.com/blogs/compute/announcing-server-side-encryption-with-amazon-simple-queue-service-managed-encryption-keys-sse-sqs-by-default/
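As an added, stand-alone illustration of the behaviour the issue asks for (example code, not Checkov's CKV_AWS_27 implementation and not a Checkov check class): a Python evaluator over an already-parsed CloudFormation template that passes an AWS::SQS::Queue when either KmsMasterKeyId or SqsManagedSseEnabled is set. The template dict, the function names, and treating an explicit `SqsManagedSseEnabled: false` as a failure are assumptions made here.

```python
# Added example, not Checkov's own code: a stand-alone evaluator for the CKV_AWS_27
# logic requested in the issue, run over an already-parsed CloudFormation template
# (a dict like the one yaml.safe_load returns). Queue passes on KmsMasterKeyId or SqsManagedSseEnabled.
from typing import Any, Dict

PASSED, FAILED = "PASSED", "FAILED"

def _is_true(value: Any) -> bool:
    """CloudFormation booleans may be YAML bools or the strings 'true'/'false'."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"

def check_sqs_queue(properties: Dict[str, Any]) -> str:
    """Assumed check logic: KMS key set, or SQS-managed SSE explicitly enabled."""
    kms_key = properties.get("KmsMasterKeyId")
    # A non-empty string or an intrinsic such as {"Ref": "QueueKey"} both count as a key.
    if kms_key not in (None, "", {}, []):
        return PASSED
    if _is_true(properties.get("SqsManagedSseEnabled")):
        return PASSED
    # Explicit SqsManagedSseEnabled: false, or neither property present, is flagged.
    return FAILED

def scan_template(template: Dict[str, Any]) -> Dict[str, str]:
    """Return {logical_id: result} for every AWS::SQS::Queue in the template."""
    results = {}
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::SQS::Queue":
            results[logical_id] = check_sqs_queue(resource.get("Properties") or {})
    return results

# Constructed sample: the queue from the issue plus a KMS-keyed queue and one that opts out.
SAMPLE_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MySourceQueue": {"Type": "AWS::SQS::Queue", "Properties": {
            "RedrivePolicy": {"deadLetterTargetArn": "example_arn", "maxReceiveCount": 5},
            "SqsManagedSseEnabled": True}},
        "KmsQueue": {"Type": "AWS::SQS::Queue", "Properties": {"KmsMasterKeyId": {"Ref": "QueueKey"}}},
        "OptOutQueue": {"Type": "AWS::SQS::Queue", "Properties": {"SqsManagedSseEnabled": False}},
    },
}

if __name__ == "__main__":
    for name, result in scan_template(SAMPLE_TEMPLATE).items():
        print(f"{name}: {result}")
```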

AdamDev commented 6 days ago

Thank you for bringing this to our attention. It seems to be an easy fix, and we would appreciate your contribution.