[datagov-brokerpak-solr] CloudWatch log group not encrypted with managed key

[nickumia-reisys]

Date of report: 12/06/2022
Severity: Low

Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.

• CloudWatch log group not encrypted with managed key (Low)
  • Detailed paths
    • Path: terraform/ecs/provision/logging.tf
    • Introduced through: resource › aws_cloudwatch_log_group[ecs-logs] › kms_key_id
  • This issue is...
    • Log group is not encrypted with customer managed key
  • The impact of this is...
    • Scope of use of the key cannot be controlled via KMS/IAM policies
  • You can resolve it by...
    • Set kms_key_id attribute with customer managed key id
• CloudWatch log group not encrypted with managed key (Low)
  • Detailed paths
    • Path: terraform/ecs/provision/restarts.tf
    • Introduced through: resource › aws_cloudwatch_log_group[lambda-restarts] › kms_key_id
  • This issue is...
    • Log group is not encrypted with customer managed key
  • The impact of this is...
    • Scope of use of the key cannot be controlled via KMS/IAM policies
  • You can resolve it by...
    • Set kms_key_id attribute with customer managed key id

[nickumia-reisys]

Superseded by

• [Snyk] CloudWatch log group not encrypted with managed key GSA-TTS/datagov-brokerpak-solr#80