Add “encryption: $Y.BucketEncryption.KMS_MANAGED” or “encryption: $Y.BucketEncryption.S3_MANAGED” to the bucket props for Bucket construct $X
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design
aws-cdk-bucket-enforcessl
Bucket $X is not set to enforce encryption in transit. If this is not set explicitly in the bucket policy, the property “enforceSSL” should be set to true.
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-319: Cleartext Transmission of Sensitive Information
OWASP:
- A03:2017 - Sensitive Data Exposure
- A02:2021 - Cryptographic Failures
awscdk-sqs-unencryptedqueue
Queue $X is missing encryption at rest. Add “encryption: $Y.QueueEncryption.KMS” or “encryption: $Y.QueueEncryption.KMS_MANAGED” to the queue props to enable encryption at rest for the queue.
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-311: Missing Encryption of Sensitive Data
OWASP:
- A03:2017 - Sensitive Data Exposure
- A04:2021 - Insecure Design