KMS Key With No Deletion Window
- Query id: 0b530315-0ea4-497f-b34c-4ff86268f59d
- Query name: KMS Key With No Deletion Window
- Platform: Terraform
- Severity: High
- Category: Observability
- URL: Github
Description
AWS KMS Key should have a valid deletion window
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
# Flagged: deletion_window_in_days is not set
resource "aws_kms_key" "positive1" {
  description         = "KMS key 1"
  is_enabled          = true
  enable_key_rotation = true
}

# Flagged: 31 is outside the 7-30 day range AWS accepts
resource "aws_kms_key" "positive2" {
  description             = "KMS key 1"
  is_enabled              = true
  enable_key_rotation     = true
  deletion_window_in_days = 31
}
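A small static check that reproduces the two findings above, added here as an example and not the query's own implementation. It assumes the valid range is 7 to 30 days (the range AWS accepts for `deletion_window_in_days`); the function names and the `negative1` resource are constructed for illustration, and the brace matching does not handle braces inside string literals.

```python
import re

# Constructed sample: the page's two flagged resources (trimmed) plus one compliant key.
SAMPLE_TF = '''
resource "aws_kms_key" "positive1" {
  description         = "KMS key 1"
  enable_key_rotation = true
}
resource "aws_kms_key" "positive2" {
  description             = "KMS key 1"
  deletion_window_in_days = 31
}
resource "aws_kms_key" "negative1" {
  description             = "KMS key 2"
  deletion_window_in_days = 30
}
'''

# Assumption: AWS accepts a pending-deletion window of 7 to 30 days.
MIN_DAYS, MAX_DAYS = 7, 30
RESOURCE_RE = re.compile(r'resource\s+"aws_kms_key"\s+"([^"]+)"\s*\{')
WINDOW_RE = re.compile(r'^\s*deletion_window_in_days\s*=\s*(\S+)', re.M)

def block_body(text, start):
    """Return the block contents, given the index just past its opening brace."""
    depth, i = 1, start
    while i < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[start:i - 1]

def find_invalid_kms_keys(tf_source):
    """Map each aws_kms_key resource name to the reason it fails the check."""
    findings = {}
    for m in RESOURCE_RE.finditer(tf_source):
        body = block_body(tf_source, m.end())
        w = WINDOW_RE.search(body)  # commented-out attributes do not match
        if w is None:
            findings[m.group(1)] = "deletion_window_in_days is not set"
        elif not w.group(1).isdigit():
            findings[m.group(1)] = f"unresolved value {w.group(1)}; review manually"
        elif not MIN_DAYS <= int(w.group(1)) <= MAX_DAYS:
            findings[m.group(1)] = f"{w.group(1)} is outside {MIN_DAYS}-{MAX_DAYS} days"
    return findings

if __name__ == "__main__":
    for name, reason in find_invalid_kms_keys(SAMPLE_TF).items():
        print(f"aws_kms_key.{name}: {reason}")
```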