CMK Is Unusable

  • Query id: ed6e3ba0-278f-47b6-a1f5-173576b40b7e
  • Query name: CMK Is Unusable
  • Platform: Terraform
  • Severity: Medium
  • Category: Availability
  • URL: Github

Description

Alicloud KMS must only possess usable Customer Master Keys (CMK), which means the CMKs must have the attribute 'is_enabled' set to true
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "alicloud_kms_key" "key" {
  description             = "Hello KMS"
  pending_window_in_days  = "7"
  status                  = "Enabled"
}
Positive test num. 2 - tf file
resource "alicloud_kms_key" "key" {
  description             = "Hello KMS"
  pending_window_in_days  = "7"
  status                  = "Enabled"
  is_enabled              = false
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "alicloud_kms_key" "key" {
  description             = "Hello KMS"
  pending_window_in_days  = "7"
  status                  = "Enabled"
  is_enabled              = true
}