Link Search Menu Expand Document

A KMS key is not configured to auto-rotate.

Explanation

You should configure your KMS keys to auto rotate to maintain security and defend against compromise.

Insecure Example

The following example will fail the AWS019 check.

resource "aws_kms_key" "kms_key" {
	enable_key_rotation = false
}

Secure Example

The following example will pass the AWS019 check.

resource "aws_kms_key" "kms_key" {
	enable_key_rotation = true
}