Feature Description
Add parameter to control whether EncryptionConfigRule checks for any KMS encryption or enforces a specific KMS key.
Use Case
Problem: Currently EncryptionConfigRule accepts any KMS key for compliance. Some customers may want to enforce their specific LogGuardian KMS key only, while others prefer flexibility to use any KMS key.
Solution: Add EnforceSpecificKMSKey parameter to make this configurable.
Proposed Solution
Add parameter:
- EnforceSpecificKMSKey (true/false, default: false)
- When true: Add InputParameters with KmsKeyId to enforce LogGuardian key
- When false: No InputParameters (accepts any KMS key)
Additional Context
Files: template.yaml (EncryptionConfigRule section)
Current: No InputParameters (any KMS key accepted)
Change: Conditional InputParameters based on parameter
Acceptance Criteria:
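A CloudFormation sketch of the conditional InputParameters proposed above, added here as an illustration and not taken from LogGuardian's template.yaml. It assumes the rule wraps the AWS managed rule CLOUDWATCH_LOG_GROUP_ENCRYPTED (the page does not say which source the rule uses); `LogGuardianKmsKeyArn`, the `EnforceKey` condition, the `KeyRequiredWhenEnforcing` rule and the ConfigRuleName are hypothetical names.

```yaml
# Added example, not the project's template.yaml.
# Assumption: EncryptionConfigRule uses the managed rule
# CLOUDWATCH_LOG_GROUP_ENCRYPTED, whose optional KmsKeyId input
# restricts compliance to one key.
Parameters:
  EnforceSpecificKMSKey:
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"
    Description: When true, only the LogGuardian KMS key counts as compliant.
  LogGuardianKmsKeyArn:            # hypothetical parameter name
    Type: String
    Default: ""
    Description: ARN of the key to enforce. Required when EnforceSpecificKMSKey is true.

Conditions:
  EnforceKey: !Equals [!Ref EnforceSpecificKMSKey, "true"]

Rules:
  # Reject the deployment up front rather than create a rule
  # whose KmsKeyId is an empty string.
  KeyRequiredWhenEnforcing:
    RuleCondition: !Equals [!Ref EnforceSpecificKMSKey, "true"]
    Assertions:
      - Assert: !Not [!Equals [!Ref LogGuardianKmsKeyArn, ""]]
        AssertDescription: LogGuardianKmsKeyArn must be set when EnforceSpecificKMSKey is true.

Resources:
  EncryptionConfigRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: !Sub "${AWS::StackName}-encryption"   # constructed name
      Source:
        Owner: AWS
        SourceIdentifier: CLOUDWATCH_LOG_GROUP_ENCRYPTED
      # true  -> KmsKeyId is passed, so only that key is compliant
      # false -> the property is omitted, so any KMS key is accepted
      InputParameters: !If
        - EnforceKey
        - KmsKeyId: !Ref LogGuardianKmsKeyArn
        - !Ref AWS::NoValue
```

With the default of false the rendered rule is identical to the current one, so existing deployments keep their compliance results until the parameter is switched on.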