Alibaba Cloud KMS Key is disabled
Description
This policy ensures that Alibaba Cloud KMS (Key Management Service) keys are enabled. Enabling KMS keys ensures they are active and can be used for cryptographic operations such as data encryption and decryption. Disabled keys cannot perform these operations, which may cause disruptions in applications relying on the keys.
Keeping KMS keys enabled ensures they remain operational and available for secure data handling processes.
Remediation
Terraform
- Resource: alicloud_kms_key
- Arguments: status
To mitigate this issue, ensure the `status` attribute in the `alicloud_kms_key` resource is set to `Enabled`.
Example:
```hcl
resource "alicloud_kms_key" "example" {
...
+ status = "Enabled"
}
```
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0028 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_28 |
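
The same rule can be checked against a rendered plan, which also covers keys declared inside modules. This is an added example, not code from this page or from Checkov; the sample plan, the function names and the `flag_unset` parameter are assumptions made for the illustration.

```python
# Constructed sample shaped like `terraform show -json <planfile>` output;
# the resource names and module layout are made up for this example.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "alicloud_kms_key.example", "type": "alicloud_kms_key",
         "values": {"description": "app data key", "status": "Enabled"}},
        {"address": "alicloud_kms_key.legacy", "type": "alicloud_kms_key",
         "values": {"description": "old key", "status": "Disabled"}},
        {"address": "alicloud_oss_bucket.logs", "type": "alicloud_oss_bucket",
         "values": {"bucket": "logs"}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        {"address": "module.db.alicloud_kms_key.db", "type": "alicloud_kms_key",
         "values": {"description": "db key"}},
    ]}],
}}}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_non_enabled_kms_keys(plan, flag_unset=False):
    """Return (address, status) for alicloud_kms_key resources not set to Enabled.

    Assumption: a key with no planned `status` is reported only when
    flag_unset=True, because the plan alone does not show its effective state.
    """
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "alicloud_kms_key":
            continue
        status = (res.get("values") or {}).get("status")
        if status == "Enabled" or (status is None and not flag_unset):
            continue
        findings.append((res["address"], status))
    return findings


if __name__ == "__main__":
    for address, status in find_non_enabled_kms_keys(SAMPLE_PLAN, flag_unset=True):
        print(f"{address}: status={status!r}")
```

To run it on a real plan, load the output of `terraform show -json` with `json.load` and pass the resulting dictionary in place of `SAMPLE_PLAN`.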