AWS019 - A KMS key is not configured to auto-rotate.

Written by tfsec

Explanation

You should configure your KMS keys to auto rotate to maintain security and defend against compromise.

Insecure Example

The following example will fail the AWS019 check.

resource "aws_kms_key" "bad_example" {
	enable_key_rotation = false
}

Secure Example

The following example will pass the AWS019 check.

resource "aws_kms_key" "good_example" {
	enable_key_rotation = true
}

Related Links

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key#enable_key_rotation

• https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html

---