stelligent / cfn_nag

Linting tool for CloudFormation templates
MIT License
1.26k stars 212 forks source link

Secrets Manager Secret should explicitly specify KmsKeyId #597

Closed mehdi-dev-ops closed 7 months ago

mehdi-dev-ops commented 2 years ago

Hello, I am using dynamic references to retrieve a username and a password stored in AWS Secrets Manager: UserName: '{{resolve:secretsmanager:FSxSecret:SecretString:username}}' Password: '{{resolve:secretsmanager:FSxSecret:SecretString:password}}' My pipeline failed with the following error: "Secrets Manager Secret should explicitly specify KmsKeyId. Besides control of the key this will allow the secret to be shared cross-account" I don't want to share any Secret with any other account. I added the KmsKeyId property to my code and the pipeline is still failing. Any idea please ?