Uploaded image for project: 'Rules Repository'
  1. Rules Repository
  2. RSPEC-6245

Disabling server-side encryption of S3 buckets is security-sensitive

    XMLWordPrintable

    Details

    • Type: Security Hotspot Detection
    • Status: Active
    • Resolution: Unresolved
    • Message:
      Make sure not using server-side encryption is safe here.
    • Default Severity:
      Minor
    • Impact:
      Low
    • Likelihood:
      Low
    • Default Quality Profiles:
      Sonar way
    • Analysis Level:
      Syntactic Analysis
    • Analysis Scope:
      Main Sources
    • CIS:
      2.1.1
    • CWE:
      CWE-311
    • OWASP:
      A3, A6
    • Checkov:
      CKV_AWS_19

      Description

      Server-side encryption (SSE) encrypts an object (not the metadata) as it is written to disk (where the S3 bucket resides) and decrypts it as it is read from disk. This doesn't change the way the objects are accessed, as long as the user has the necessary permissions, objects are retrieved as if they were unencrypted. Thus, SSE only helps in the event of disk thefts, improper disposals of disks and other attacks on the AWS infrastructure itself.

      There are three SSE options:

      • Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3)
        • AWS manages encryption keys and the encryption itself (with AES-256) on its own.
      • Server-Side Encryption with Customer Master Keys (CMKs) Stored in AWS Key Management Service (SSE-KMS)
        • AWS manages the encryption (AES-256) of objects and encryption keys provided by the AWS KMS service.
      • Server-Side Encryption with Customer-Provided Keys (SSE-C)
        • AWS manages only the encryption (AES-256) of objects with encryption keys provided by the customer. AWS doesn't store the customer's encryption keys.

      Ask Yourself Whether

      • The S3 bucket stores sensitive information.
      • The infrastructure needs to comply to some regulations, like HIPAA or PCI DSS, and other standards.

      There is a risk if you answered yes to any of those questions.

      Recommended Secure Coding Practices

      It's recommended to use SSE. Choosing the appropriate option depends on the level of control required for the management of encryption keys.

      See

        Attachments

        1.
        Terraform RSPEC-6247 Language-Specification Active Unassigned
        2.
        CloudFormation RSPEC-6248 Language-Specification Active Unassigned

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            eric.therond Eric Therond
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: