Open bakosa opened 6 months ago
Describe the issue
CKV_AWS_27 should handle the SqsManagedSseEnabled not just KmsMasterKeyId
Note CKV_AWS_27 on the Terraform side of the house already does this https://github.com/bridgecrewio/checkov/blob/main/checkov/terraform/checks/resource/aws/SQSQueueEncryption.py
Examples
This should also pass CKV_AWS_27

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MySourceQueue:
    Type: AWS::SQS::Queue
    Properties:
      RedrivePolicy:
        deadLetterTargetArn: "example_arn"
        maxReceiveCount: 5
      SqsManagedSseEnabled: true
```
Version (please complete the following information):
Additional context
Another thing to note is AWS by default will now do SSE on all newly created SQS queues https://aws.amazon.com/blogs/compute/announcing-server-side-encryption-with-amazon-simple-queue-service-managed-encryption-keys-sse-sqs-by-default/
Thank you for bringing this to our attention. It seems to be an easy fix, and we would appreciate your contribution.
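The rule requested in this issue, as an added example that is neither checkov's code nor part of the original thread: a standalone evaluation of CloudFormation `AWS::SQS::Queue` resources that passes on either `KmsMasterKeyId` or `SqsManagedSseEnabled`. The names `queue_is_encrypted`, `scan_template` and the `SAMPLE` template are hypothetical; it assumes a queue that declares neither property is reported as failing and that intrinsic functions are not resolved.

```python
# Added example, not checkov's implementation.
RESOURCE_TYPE = "AWS::SQS::Queue"


def _is_true(value):
    """CloudFormation booleans may arrive as true/false or as "true"/"false" strings."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def queue_is_encrypted(properties):
    """Pass when a KMS key is set (SSE-KMS) or SqsManagedSseEnabled is true (SSE-SQS)."""
    properties = properties or {}
    # A non-empty string or an intrinsic such as {"Ref": "MyKey"} counts as a key.
    if properties.get("KmsMasterKeyId"):
        return True
    # Assumption: an unresolved intrinsic here is treated as not enabled.
    return _is_true(properties.get("SqsManagedSseEnabled"))


def scan_template(template):
    """Return {logical_id: "PASSED" | "FAILED"} for every SQS queue in the template."""
    results = {}
    for logical_id, resource in (template.get("Resources") or {}).items():
        if isinstance(resource, dict) and resource.get("Type") == RESOURCE_TYPE:
            encrypted = queue_is_encrypted(resource.get("Properties"))
            results[logical_id] = "PASSED" if encrypted else "FAILED"
    return results


# Constructed sample (parsed template); MySourceQueue mirrors the issue's example.
SAMPLE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "MySourceQueue": {"Type": RESOURCE_TYPE, "Properties": {
            "RedrivePolicy": {"deadLetterTargetArn": "example_arn", "maxReceiveCount": 5},
            "SqsManagedSseEnabled": True}},
        "KmsQueue": {"Type": RESOURCE_TYPE, "Properties": {"KmsMasterKeyId": "alias/aws/sqs"}},
        "DisabledQueue": {"Type": RESOURCE_TYPE, "Properties": {"SqsManagedSseEnabled": "false"}},
        "BareQueue": {"Type": RESOURCE_TYPE},
        "Topic": {"Type": "AWS::SNS::Topic"},  # not a queue, so it is skipped
    },
}

if __name__ == "__main__":
    for name, result in scan_template(SAMPLE).items():
        print(f"{name}: {result}")
```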