CMK is unusable

ID

aws_cmk_unusable

Severity

low

Vendor

AWS

Resource

Encryption

Tags

reachable

Description

The customer master key (CMK) is unusable. A CMK must have the attribute enabled set to true, and its pending_window attribute must be undefined.

Learn more about this topic at AWS CMK.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - amazon.aws.kms_key:
        alias: mykey
        tags:
          Name: myKey
          Purpose: protect_stuff
        # Violates the rule: the key is created in a disabled state
        enabled: false

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - amazon.aws.kms_key:
        # enabled is omitted, so the module default (true) applies,
        # and pending_window is not defined
        alias: mykey
        enable_key_rotation: true
        tags:
          Name: myKey
          Purpose: protect_stuff
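
The condition in the Description can be checked mechanically over a parsed playbook. The following is an added example, not the scanner's own implementation: it takes the Python objects that a YAML loader would return for a playbook and reports every amazon.aws.kms_key task that sets enabled to a false value or defines pending_window. The short module name kms_key, the function names and the sample data are assumptions made for the illustration.

```python
# Added illustration of the aws_cmk_unusable condition; not the rule's real code.
# Input is a playbook already parsed into Python objects (the shape a YAML
# loader returns), so the example runs without third-party packages.

# FQCN from this page; the short name "kms_key" is an assumption for
# playbooks that resolve the module through a `collections:` entry.
KMS_MODULES = {"amazon.aws.kms_key", "kms_key"}
# Strings Ansible accepts as boolean false for module options.
FALSE_STRINGS = {"false", "no", "off", "0", "n", "f"}

def is_false(value):
    """True for YAML false and for string forms such as 'no'."""
    if isinstance(value, bool):
        return not value
    return str(value).strip().lower() in FALSE_STRINGS

def walk(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        sections = [task[k] for k in ("block", "rescue", "always") if k in task]
        if sections:
            for section in sections:
                yield from walk(section)
        else:
            yield task

def find_unusable_cmks(playbook):
    """Return (alias, reason) for each kms_key task that breaks the rule."""
    findings = []
    for play in playbook:
        for task in walk(play.get("tasks")):
            for module in task.keys() & KMS_MODULES:
                args = task[module]
                if not isinstance(args, dict):
                    continue  # free-form "key=value" arguments are not handled
                alias = args.get("alias", "<no alias>")
                if "enabled" in args and is_false(args["enabled"]):
                    findings.append((alias, "enabled is false"))
                if args.get("pending_window") is not None:
                    findings.append((alias, "pending_window is defined"))
    return findings

# Constructed sample: the page's two playbooks plus two extra constructed tasks.
SAMPLE = [{"name": "Example playbook", "hosts": "localhost", "tasks": [
    {"amazon.aws.kms_key": {"alias": "mykey", "enabled": False}},
    {"block": [{"amazon.aws.kms_key": {"alias": "oldkey", "pending_window": 7}}]},
    {"amazon.aws.kms_key": {"alias": "goodkey", "enable_key_rotation": True}},
    {"amazon.aws.kms_key": {"alias": "strkey", "enabled": "no"}},
]}]

if __name__ == "__main__":
    for alias, reason in find_unusable_cmks(SAMPLE):
        print(f"aws_cmk_unusable: {alias}: {reason}")
```

Templated values such as "{{ key_enabled }}" are not resolved by this check and pass through as not false, so playbooks that set enabled from a variable need the variable's value reviewed separately.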