OSS Bucket BYOK Encryption Check
ID: rule:aliyun:oss-encryption-byok-check
Severity: medium
Description
OSS buckets should use customer-managed KMS keys (BYOK - Bring Your Own Key) for encryption. This provides better control over encryption keys and meets compliance requirements.
Reason for Violation
The OSS bucket does not use customer-managed KMS keys for encryption, which may not meet compliance requirements for key management.
Recommendation
Configure the OSS bucket to use customer-managed KMS keys by setting SSEAlgorithm to KMS and specifying a KMSMasterKeyID in ServerSideEncryptionConfiguration.
Resource Types
ALIYUN::OSS::Bucket
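As an added example (not part of this rule page or of any Alibaba Cloud tooling), the check described above, written as a standalone evaluator over ROS-style template dictionaries: the Resources/Type/Properties layout is assumed, while the property names ServerSideEncryptionConfiguration, SSEAlgorithm and KMSMasterKeyID are the ones the recommendation names. The sample template is constructed and the key ID in it is a placeholder.

```python
# Standalone evaluator for rule:aliyun:oss-encryption-byok-check.
# Assumption: templates use the ROS-style {"Resources": {id: {"Type", "Properties"}}} layout.

RULE_ID = "rule:aliyun:oss-encryption-byok-check"
BUCKET_TYPE = "ALIYUN::OSS::Bucket"


def check_bucket(props):
    """Return None when the bucket uses a customer-managed KMS key, else the reason it fails."""
    sse = props.get("ServerSideEncryptionConfiguration")
    if not isinstance(sse, dict):
        return "no ServerSideEncryptionConfiguration (bucket is not encrypted with KMS)"
    algo = sse.get("SSEAlgorithm")
    if algo != "KMS":
        return f"SSEAlgorithm is {algo!r}, expected 'KMS'"
    key_id = sse.get("KMSMasterKeyID")
    # A non-empty string is a literal key ID; a dict is treated as an intrinsic
    # reference (e.g. Ref to a key resource) and accepted rather than flagged.
    if isinstance(key_id, dict):
        return None
    if not isinstance(key_id, str) or not key_id.strip():
        return "KMSMasterKeyID is missing, so the service-managed default key would be used"
    return None


def evaluate_template(template):
    """Return (logical_id, reason) for every OSS bucket in the template that violates the rule."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != BUCKET_TYPE:
            continue  # the rule only applies to ALIYUN::OSS::Bucket
        reason = check_bucket(res.get("Properties") or {})
        if reason:
            findings.append((logical_id, reason))
    return findings


# Constructed sample: one bucket per failure mode, one compliant bucket, one unrelated resource.
SAMPLE_TEMPLATE = {"Resources": {
    "NoSse": {"Type": BUCKET_TYPE, "Properties": {"BucketName": "example-logs"}},
    "Aes256": {"Type": BUCKET_TYPE, "Properties": {
        "ServerSideEncryptionConfiguration": {"SSEAlgorithm": "AES256"}}},
    "KmsDefaultKey": {"Type": BUCKET_TYPE, "Properties": {
        "ServerSideEncryptionConfiguration": {"SSEAlgorithm": "KMS"}}},
    "Byok": {"Type": BUCKET_TYPE, "Properties": {"ServerSideEncryptionConfiguration": {
        "SSEAlgorithm": "KMS", "KMSMasterKeyID": "PLACEHOLDER-KMS-KEY-ID"}}},  # placeholder
    "NotABucket": {"Type": "ALIYUN::ECS::Instance", "Properties": {}},
}}

if __name__ == "__main__":
    for logical_id, reason in evaluate_template(SAMPLE_TEMPLATE):
        print(f"[{RULE_ID}] {logical_id}: {reason}")
```

Running it reports NoSse, Aes256 and KmsDefaultKey as violations; only Byok passes, and the ECS instance is skipped.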