auto-rotate-keys
Default Severity: medium
Explanation
You should configure your KMS keys to auto rotate to maintain security and defend against compromise.
Possible Impact
Long life KMS keys increase the attack surface when compromised
Suggested Resolution
Configure KMS key to auto rotate
Insecure Example
The following example will fail the aws-kms-auto-rotate-keys check.
resource "aws_kms_key" "bad_example" {
enable_key_rotation = false
}
Secure Example
The following example will pass the aws-kms-auto-rotate-keys check.
resource "aws_kms_key" "good_example" {
enable_key_rotation = true
}