Add "encryption: $Y.BucketEncryption.KMS_MANAGED" or "encryption: $Y.BucketEncryption.S3_MANAGED" to the bucket props for Bucket construct $X
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design
Bucket $X is not set to enforce encryption-in-transit. If this is not explicitly set on the bucket policy, the property "enforceSSL" should be set to true
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
Queue $X is missing encryption at rest. Add "encryption: $Y.QueueEncryption.KMS" or "encryption: $Y.QueueEncryption.KMS_MANAGED" to the queue props to enable encryption at rest for the queue.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design