Alibaba Cloud KMS Key Rotation is disabled
Description
This policy ensures that KMS (Key Management Service) Key Rotation is enabled for keys in Alibaba Cloud. Enabling automatic key rotation helps to maintain security by periodically changing the cryptographic keys, thereby reducing the risk of key compromise over time. KMS keys without automatic rotation enabled may be left vulnerable to prolonged exposure and potential unauthorized use.
Code Example
```hcl
resource "alicloud_kms_key" "example" {
...
+ automatic_rotation = "Enabled"
}
```

Remediation
Terraform
- Resource: alicloud_kms_key
- Arguments: automatic_rotation
To mitigate this issue, ensure the `automatic_rotation` attribute of the `alicloud_kms_key` resource is set to `Enabled`.
Example:
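A before/after pair, added here as an illustration and not taken from the original policy page or from the provider's own examples. The resource names, descriptions and the 365-day interval are assumptions. `rotation_interval` is an `alicloud_kms_key` argument the page does not mention; the provider requires it once `automatic_rotation` is `Enabled`.

```hcl
# Non-compliant: automatic_rotation is omitted, so the provider default
# ("Disabled") applies and the check reports the resource.
resource "alicloud_kms_key" "no_rotation" {
  description = "constructed example: key without rotation"
}

# Also non-compliant: rotation is switched off explicitly.
resource "alicloud_kms_key" "rotation_off" {
  description        = "constructed example: rotation disabled"
  automatic_rotation = "Disabled"
}

# Compliant: rotation is enabled and an interval is supplied.
# The interval is an integer plus a unit (d, h, m or s); 365d is an
# assumed value chosen for this example, not a recommendation from the page.
resource "alicloud_kms_key" "rotated" {
  description        = "constructed example: key with rotation"
  automatic_rotation = "Enabled"
  rotation_interval  = "365d"
}
```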
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0027 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_27 |