CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsAutomatic key rotation should be enabled for all symmetric encryption KMS keys. Key rotation does not require any change to applications that are using the key, so it is safe to enable at any time. This helps reduce the exposure window should the key material be leaked.
Set the aws_kms_key
enable_key_rotation
field to true
.
resource "aws_kms_key" "example" {
enable_key_rotation = true
# other required fields here
}
Set Properties.EnableKeyRotation
attribute to true
.