CMK Is Unusable
- Query id: ed6e3ba0-278f-47b6-a1f5-173576b40b7e
- Query name: CMK Is Unusable
- Platform: Terraform
- Severity: Medium
- Category: Availability
- URL: Github
Description
Alicloud KMS must contain only usable Customer Master Keys (CMKs), which means every CMK must have the attribute 'is_enabled' set to true.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "alicloud_kms_key" "key" {
  description            = "Hello KMS"
  pending_window_in_days = "7"
  status                 = "Enabled"
}
Positive test num. 2 - tf file
resource "alicloud_kms_key" "key" {
  description            = "Hello KMS"
  pending_window_in_days = "7"
  status                 = "Enabled"
  is_enabled             = false
}
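The rule described above can be reproduced as a small pre-commit check over Terraform source. This is an added example, not the query's own implementation: the names `block_body` and `find_unusable_keys` are hypothetical, the sample is constructed from the two positive tests plus one compliant key, and the scan assumes `is_enabled` is written on its own line as a direct attribute of the block. Non-literal values such as variables are reported for manual review.

```python
import re

# Header of an alicloud_kms_key resource block, capturing its local name.
RESOURCE_RE = re.compile(r'resource\s+"alicloud_kms_key"\s+"([^"]+)"\s*\{')
# Literal is_enabled assignment on its own line inside the block body.
ENABLED_RE = re.compile(r'^\s*is_enabled\s*=\s*(\S+)', re.MULTILINE)

# Constructed sample: the page's two flagged shapes plus one compliant key.
SAMPLE_TF = '''
resource "alicloud_kms_key" "missing_flag" {
  description = "Hello KMS"
  status      = "Enabled"
}
resource "alicloud_kms_key" "disabled" {
  description = "Hello KMS"
  is_enabled  = false
}
resource "alicloud_kms_key" "usable" {
  description = "Hello KMS"
  is_enabled  = true
}
'''

def block_body(text, start):
    """Return text from `start` (just past '{') up to the matching '}'.
    Assumes braces inside strings are balanced, e.g. "${var.name}"."""
    depth = 1
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in resource block")

def find_unusable_keys(tf_source):
    """List (name, reason) for each alicloud_kms_key not explicitly enabled."""
    findings = []
    for m in RESOURCE_RE.finditer(tf_source):
        attr = ENABLED_RE.search(block_body(tf_source, m.end()))
        if attr is None:
            findings.append((m.group(1), "is_enabled is missing"))
        elif attr.group(1) != "true":
            findings.append((m.group(1), "is_enabled = " + attr.group(1)))
    return findings

if __name__ == "__main__":
    for name, reason in find_unusable_keys(SAMPLE_TF):
        print(f"alicloud_kms_key.{name}: {reason}")
```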