@eerkunt
Created February 26, 2020 20:32
more detailed s3 encryption terraform-compliance sample
Feature: Ensure that we have encryption everywhere.

  Scenario: Reject if an S3 bucket is not encrypted with KMS
    Given I have aws_s3_bucket defined
    Then it must contain server_side_encryption_configuration
    And it must contain rule
    And it must contain apply_server_side_encryption_by_default
    And it must contain sse_algorithm
    And its value must match the "aws:kms" regex
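
Terraform input to exercise the scenario above, as an added example that is not part of the original gist. All resource and bucket names are hypothetical, and the inline `server_side_encryption_configuration` block assumes an AWS provider version before 4.0.

```hcl
# Constructed sample; resource and bucket names are hypothetical.
# Inline block syntax as used by AWS provider versions before 4.0.

resource "aws_kms_key" "bucket_key" {
  description = "Key for S3 default encryption (sample)"
}

# Passes: every step down to sse_algorithm resolves and the value is "aws:kms".
resource "aws_s3_bucket" "encrypted_with_kms" {
  bucket = "example-kms-encrypted-bucket"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm     = "aws:kms"
        kms_master_key_id = aws_kms_key.bucket_key.arn
      }
    }
  }
}

# Fails on the last step: encryption is configured, but with SSE-S3
# ("AES256"), which does not match the "aws:kms" regex.
resource "aws_s3_bucket" "encrypted_with_sse_s3" {
  bucket = "example-aes256-bucket"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

# Fails on the first "Then" step: no server_side_encryption_configuration.
resource "aws_s3_bucket" "unencrypted" {
  bucket = "example-unencrypted-bucket"
}
```

From AWS provider 4.0 onward the default-encryption setting lives in the separate `aws_s3_bucket_server_side_encryption_configuration` resource, so the `Given` step would need to target that resource type instead of `aws_s3_bucket`.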