Ensure KMS Key Has Low Rotation Period

KMS Key is used to create a customer master key (CMK). The number of days to wait before the CMK is deleted. During this period, the CMK is in the PendingDeletion state and the delete operation can be canceled.

Suggest Edits

Risk Level: high
Platform: Alicloud
Spectral Rule ID: TFALCLD010

REMEDIATION

set a rotation_interval less than '365d' and automatic_rotation to 'Enabled'

- automatic_rotation      = "Disabled"
+ automatic_rotation      = "Enabled"

- rotation_interval       = "366d"
+ rotation_interval       = "7d"

https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/kms_key
https://www.alibabacloud.com/help/en/resource-orchestration-service/latest/aliyun-kms-key

Updated about 1 year ago

REMEDIATION

Read more: