Severity Framework
Snyk CCSS
Rule category
Keys and Secrets / Best Practices
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
AWS-Well-Architected
CIS-AWS
CIS-Controls
CSA-CCM
ISO-27001
PCI-DSS
SOC-2
- Snyk ID SNYK-CC-00032
- credit Snyk Research Team
Description
Automatic key rotation should be enabled for all symmetric encryption KMS keys. Key rotation does not require any change to applications that are using the key, so it is safe to enable at any time. This helps reduce the exposure window should the key material be leaked.
How to fix?
Set the aws_kms_key
enable_key_rotation
field to true
.
Example Configuration
resource "aws_kms_key" "example" {
enable_key_rotation = true
# other required fields here
}