Ensure AWS Key Management Service (KMS) key is enabled
Error: AWS Key Management Service (KMS) key is disabled
Bridgecrew Policy ID: BC_AWS_GENERAL_122
Checkov Check ID: CKV_AWS_227
Severity: LOW
Description
Ensuring that your AWS Key Management Service (AWS KMS) key is enabled matters because the key state determines whether the key can perform cryptographic operations. An enabled key can be used to encrypt, decrypt, and generate data keys; a disabled key cannot be used for any of these operations, so data encrypted under it stays unreadable until the key is re-enabled.
Fix - Runtime
Fix - Buildtime
Terraform
resource "aws_kms_key" "pass" {
  description = "description"

  # The attribute this check inspects: an explicitly disabled key fails CKV_AWS_227.
  is_enabled = true

  # Key policy kept as on the original page so the example stays focused on
  # is_enabled. Note that the second statement grants kms:* to a wildcard
  # principal ("AWS": "*"); it is unrelated to this check and would be flagged
  # by other key-policy checks, so do not copy it into production.
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:root"
      },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:*",
      "Resource": "*"
    }
  ]
}
POLICY

  tags = { test = "Fail" }
}
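To make the buildtime decision concrete, the following added example (not Checkov's own code and not part of the original page) re-implements the CKV_AWS_227 logic over the JSON that `terraform show -json` emits for a plan. It assumes the Terraform provider default for `aws_kms_key.is_enabled` is `true`, so a key that omits the attribute is treated as enabled and only an explicit `false` fails; the plan document, resource addresses and helper names below are constructed for illustration.

```python
import json
from typing import Dict, Iterator

PASSED = "PASSED"
FAILED = "FAILED"


def check_kms_key_enabled(values: dict) -> str:
    """Decide CKV_AWS_227 for one aws_kms_key resource.

    `values` is the resource's planned attribute map. The attribute is
    optional in Terraform and (assumption) defaults to true, so a missing or
    null value is treated as enabled; only an explicit false fails.
    """
    is_enabled = values.get("is_enabled")
    if is_enabled is None:
        is_enabled = True
    return PASSED if is_enabled is True else FAILED


def _iter_resources(module: dict) -> Iterator[dict]:
    """Walk a plan module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _iter_resources(child)


def scan_plan(plan_json: str) -> Dict[str, str]:
    """Return {resource address: PASSED/FAILED} for every aws_kms_key in a plan."""
    plan = json.loads(plan_json)
    root = plan["planned_values"]["root_module"]
    return {
        res["address"]: check_kms_key_enabled(res.get("values", {}))
        for res in _iter_resources(root)
        if res.get("type") == "aws_kms_key"
    }


# Constructed sample plan: one key explicitly enabled, one explicitly
# disabled, one relying on the provider default, plus an unrelated resource.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.1",
    "planned_values": {
        "root_module": {
            "resources": [
                {"address": "aws_kms_key.pass", "type": "aws_kms_key", "name": "pass",
                 "values": {"description": "description", "is_enabled": True}},
                {"address": "aws_kms_key.fail", "type": "aws_kms_key", "name": "fail",
                 "values": {"description": "description", "is_enabled": False}},
                {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket", "name": "logs",
                 "values": {"bucket": "example-logs"}},
            ],
            "child_modules": [
                {"address": "module.keys", "resources": [
                    {"address": "module.keys.aws_kms_key.default", "type": "aws_kms_key",
                     "name": "default", "values": {"description": "description"}},
                ]},
            ],
        }
    },
})


if __name__ == "__main__":
    for address, result in scan_plan(SAMPLE_PLAN).items():
        print(f"{result}\t{address}")
```

Run it against a real plan with `terraform show -json tfplan > plan.json` and feed the file contents to `scan_plan`; a `FAILED` entry points at a key that a deployment would leave unable to encrypt or decrypt.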