S3 partial encrypt CDK High

Failing to encrypt a bucket could lead to sensitive data being exposed to unauthorized users. Consider adding S3_MANAGED or KMS_MANAGED encryption when creating a bucket.

Detector ID
python/s3-partial-encrypt-cdk@v1.0
Category
Common Weakness Enumeration (CWE)
-

Noncompliant example

import aws_cdk as cdk
from aws_cdk import aws_s3 as s3


class S3PartialEncrypt(cdk.Stack):

    def s3_partial_encrypt_noncompliant(self):
        # Noncompliant: No encryption specified
        bucket = s3.Bucket(self, 's3-bucket-bad')

Compliant example

import aws_cdk as cdk
from aws_cdk import aws_s3 as s3


class S3PartialEncrypt(cdk.Stack):

    def s3_partial_encrypt_compliant(self):
        # Compliant: S3_MANAGED encryption specified
        bucket = s3.Bucket(self, 's3-bucket',
                           encryption=s3.BucketEncryption.S3_MANAGED)
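
The following is an added example, not part of the original page and not the detector's own implementation: a standard-library check in the same spirit that parses CDK source with `ast` and reports `s3.Bucket(...)` calls that pass no `encryption` argument or pass `BucketEncryption.UNENCRYPTED`. The sample source, the function names and the decision to also flag `UNENCRYPTED` are assumptions of this example.

```python
import ast

# Constructed sample input: the two snippets from this page plus two variants.
SAMPLE = '''
import aws_cdk as cdk
from aws_cdk import aws_s3 as s3

class S3PartialEncrypt(cdk.Stack):
    def build(self):
        s3.Bucket(self, 's3-bucket-bad')
        s3.Bucket(self, 's3-bucket',
                  encryption=s3.BucketEncryption.S3_MANAGED)
        s3.Bucket(self, 's3-bucket-kms',
                  encryption=s3.BucketEncryption.KMS_MANAGED)
        s3.Bucket(self, 's3-bucket-off',
                  encryption=s3.BucketEncryption.UNENCRYPTED)
'''


def is_bucket_call(call):
    """True for calls written as s3.Bucket(...) or Bucket(...)."""
    f = call.func
    return (isinstance(f, ast.Attribute) and f.attr == "Bucket") or (
        isinstance(f, ast.Name) and f.id == "Bucket")


def find_unencrypted_buckets(source):
    """Return sorted (line, construct_id, reason) tuples for flagged Bucket calls."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and is_bucket_call(node)):
            continue
        # A **kwargs argument may carry encryption; it cannot be resolved here.
        if any(k.arg is None for k in node.keywords):
            continue
        cid = "?"  # construct id is the second positional argument
        if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
            cid = node.args[1].value
        enc = next((k.value for k in node.keywords if k.arg == "encryption"), None)
        if enc is None:
            findings.append((node.lineno, cid, "no encryption argument"))
        elif isinstance(enc, ast.Attribute) and enc.attr == "UNENCRYPTED":
            findings.append((node.lineno, cid, "encryption=UNENCRYPTED"))
    return sorted(findings)


if __name__ == "__main__":
    for line, cid, reason in find_unencrypted_buckets(SAMPLE):
        print(f"line {line}: bucket {cid!r}: {reason}")
```

Values passed through a variable rather than a `BucketEncryption` attribute are not flagged, so a clean result from this check does not by itself prove the deployed bucket is encrypted.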