Audit
awscdk-bucket-encryption
Add “encryption: $Y.BucketEncryption.S3_MANAGED” to the bucket props for Bucket construct $X
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design
aws-cdk-bucket-enforcessl
Bucket $X is not set to enforce encryption in transit. If this is not explicitly set in the bucket policy, the property “enforceSSL” should be set to true.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
awscdk-sqs-unencryptedqueue
Queue Y.QueueEncryption.KMS” or “encryption: $Y.QueueEncryption.KMS_MANAGED” to the queue props to enable encryption at rest for the queue.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design