KMS Key With No Deletion Window

  • Query id: 0b530315-0ea4-497f-b34c-4ff86268f59d
  • Query name: KMS Key With No Deletion Window
  • Platform: Terraform
  • Severity: High
  • Category: Observability
  • URL: Github

Description

An aws_kms_key resource should explicitly set deletion_window_in_days, and the value must be a valid deletion window (the positive samples below show the attribute missing and set to an invalid value).
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_kms_key" "positive1" {
  description             = "KMS key 1"

  is_enabled = true

  enable_key_rotation = true

  # deletion_window_in_days is not set at all
}


resource "aws_kms_key" "positive2" {
  description             = "KMS key 1"

  is_enabled = true

  enable_key_rotation = true

  # 31 is outside the 7-30 day window AWS accepts
  deletion_window_in_days = 31
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_kms_key" "negative1" {
  description             = "KMS key 1"

  is_enabled = true

  enable_key_rotation = true

  # explicit window inside the accepted 7-30 day range
  deletion_window_in_days = 10
}
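The following is an added example, not the KICS query itself (KICS queries are written in Rego) and not code from the Checkmarx project. It is a small standalone Python checker that applies the same logic as this rule to the three samples above: it finds every aws_kms_key block in a Terraform file and reports the resource when deletion_window_in_days is absent, not an integer literal, or outside the accepted range. The 7 to 30 day range is the limit AWS enforces for a pending key deletion window; it is an assumption taken from AWS KMS documentation rather than from this page. The sample input is the page's positive and negative resources, embedded inline.

```python
"""Added example: standalone checker for "KMS Key With No Deletion Window".

Not the KICS Rego query; an independent illustration of the same check.
Assumption (from AWS KMS docs, not this page): a pending deletion window
must be between 7 and 30 days.
"""
import re
from dataclasses import dataclass

MIN_DAYS, MAX_DAYS = 7, 30  # assumed AWS limits for the deletion window

# Match each top-level aws_kms_key block up to its closing brace at column 0.
# Nested blocks (e.g. tags = { ... }) close with an indented brace, so they
# do not end the match early.
RESOURCE_RE = re.compile(r'resource\s+"aws_kms_key"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*deletion_window_in_days\s*=\s*(\S+)', re.M)


@dataclass
class Finding:
    resource: str
    reason: str


def check_kms_deletion_window(tf_source: str) -> list[Finding]:
    """Return one Finding per aws_kms_key block that fails the rule."""
    findings: list[Finding] = []
    for name, body in RESOURCE_RE.findall(tf_source):
        match = ATTR_RE.search(body)
        if match is None:
            findings.append(Finding(name, "deletion_window_in_days is not set"))
            continue
        raw = match.group(1)
        try:
            days = int(raw)
        except ValueError:
            # e.g. var.window: cannot be evaluated statically, flag for review
            findings.append(Finding(name, f"deletion_window_in_days is not an integer literal: {raw}"))
            continue
        if not MIN_DAYS <= days <= MAX_DAYS:
            findings.append(Finding(name, f"deletion_window_in_days={days} is outside {MIN_DAYS}..{MAX_DAYS}"))
    return findings


# Constructed sample input: the page's positive and negative test resources.
SAMPLE_TF = '''
resource "aws_kms_key" "positive1" {
  description             = "KMS key 1"
  is_enabled = true
  enable_key_rotation = true
}

resource "aws_kms_key" "positive2" {
  description             = "KMS key 1"
  is_enabled = true
  enable_key_rotation = true
  deletion_window_in_days = 31
}

resource "aws_kms_key" "negative1" {
  description             = "KMS key 1"
  is_enabled = true
  enable_key_rotation = true
  deletion_window_in_days = 10
}
'''

if __name__ == "__main__":
    for finding in check_kms_deletion_window(SAMPLE_TF):
        print(f"aws_kms_key.{finding.resource}: {finding.reason}")
```

Run as a script it reports positive1 and positive2 and stays silent on negative1, matching the classification of the samples above. A value expressed as a variable or expression is reported for manual review rather than silently passed, since a static check cannot know what it resolves to.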