CMK Is Unusable

  • Query id: 7350fa23-dcf7-4938-916d-6a60b0c73b50
  • Query name: CMK Is Unusable
  • Platform: Terraform
  • Severity: Medium
  • Category: Availability
  • URL: Github

Description

AWS Key Management Service (KMS) must only possess usable Customer Master Keys (CMK), which means the CMKs must have the attribute 'is_enabled' set to true
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_kms_key" "a" {
  description             = "KMS key 1"
  is_enabled = false
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_kms_key" "a3" {
  description             = "KMS key 1"
  is_enabled = true
}