Ensure AWS Key Management Service (KMS) key is enabled

Error: AWS Key Management Service (KMS) key is disabled

Bridgecrew Policy ID: BC_AWS_GENERAL_122
Checkov Check ID: CKV_AWS_227
Severity: LOW

AWS Key Management Service (KMS) key is disabled

Description

Ensuring that your Amazon Key Management Service (AWS KMS) key is enabled is important because it determines whether the key can be used to perform cryptographic operations. When a key is enabled, it can be used to encrypt, decrypt, and generate data keys. When it is disabled, it cannot be used for these operations.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_kms_key" "pass" {
  description = "description"
  is_enabled  = true
  policy      = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:root"
      },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "kms:*",
      "Resource": "*"
    },
  ]
}
POLICY
  tags        = { test = "Fail" }
}

Updated 9 months ago