OSS Bucket Server-Side Encryption Enabled
ID: rule:aliyun:oss-bucket-server-side-encryption-enabled
Severity: high
Description
OSS buckets should have server-side encryption enabled to protect data at rest. Server-side encryption uses KMS or AES256 to encrypt data stored in OSS.
Reason for Violation
The OSS bucket does not have server-side encryption enabled, which may expose sensitive data to unauthorized access.
Recommendation
Enable server-side encryption for the OSS bucket by configuring the ServerSideEncryptionConfiguration property with SSEAlgorithm set to KMS, AES256, or SM4.
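The check described above, as an added example that is not the rule's own implementation: a static scan of a ROS template (JSON form) for ALIYUN::OSS::Bucket resources whose SSEAlgorithm is missing or outside KMS, AES256 and SM4. The sample template, its resource names and the find_unencrypted_buckets helper are constructed for illustration, and treating a non-literal SSEAlgorithm (such as an unresolved reference) as a violation is an assumption.

```python
import json

# Values the rule's recommendation accepts for SSEAlgorithm.
ALLOWED_SSE_ALGORITHMS = {"KMS", "AES256", "SM4"}

# Constructed sample ROS template (JSON form); resource and bucket names are hypothetical.
SAMPLE_TEMPLATE = json.loads("""
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "PlainBucket": {"Type": "ALIYUN::OSS::Bucket",
                    "Properties": {"BucketName": "example-plain"}},
    "BadAlgoBucket": {
      "Type": "ALIYUN::OSS::Bucket",
      "Properties": {"BucketName": "example-bad-algo",
                     "ServerSideEncryptionConfiguration": {"SSEAlgorithm": "DES"}}
    },
    "EncryptedBucket": {
      "Type": "ALIYUN::OSS::Bucket",
      "Properties": {"BucketName": "example-encrypted",
                     "ServerSideEncryptionConfiguration": {"SSEAlgorithm": "KMS"}}
    },
    "Vpc": {"Type": "ALIYUN::ECS::VPC", "Properties": {"CidrBlock": "10.0.0.0/8"}}
  }
}
""")


def find_unencrypted_buckets(template):
    """Return {resource_name: reason} for OSS buckets that violate the rule."""
    violations = {}
    for name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict) or res.get("Type") != "ALIYUN::OSS::Bucket":
            continue  # other resource types are out of scope for this rule
        sse = (res.get("Properties") or {}).get("ServerSideEncryptionConfiguration")
        if not isinstance(sse, dict):
            violations[name] = "ServerSideEncryptionConfiguration is not set"
            continue
        algo = sse.get("SSEAlgorithm")
        # Assumption: only a literal allowed string passes (no Ref or unknown value).
        if not isinstance(algo, str) or algo not in ALLOWED_SSE_ALGORITHMS:
            violations[name] = f"SSEAlgorithm {algo!r} is not KMS, AES256 or SM4"
    return violations


if __name__ == "__main__":
    for name, reason in find_unencrypted_buckets(SAMPLE_TEMPLATE).items():
        print(f"{name}: {reason}")
```
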
Resource Types
ALIYUN::OSS::Bucket