Skip to main content

OSS Bucket KMS Encryption Enabled

ID: rule:aliyun:oss-default-encryption-kms
Severity: medium
IaC Types: ROS, Terraform

Description

Ensures OSS bucket uses KMS for server-side encryption.

Reason for Violation

The OSS bucket does not use KMS for server-side encryption.

Recommendation

Set sse_algorithm to 'KMS' in server_side_encryption_rule.

Resource Types

  • ROS: ALIYUN::OSS::Bucket
  • Terraform: alicloud_oss_bucket