Document AI Warehouse Location is not configured to use a Customer Managed Key (CMK)
Description
This policy checks that a Document AI Warehouse Location is configured to use a Customer Managed Key (CMK). This matters because it ensures that data stored in Document AI Warehouse in Google Cloud Platform is protected by encryption under a key the customer controls. Using a Customer Managed Key gives the user more control over their encryption settings: they can set key rotation periods and disable the key when necessary, which reduces the risk of unauthorized access to data. Without a CMK, data might become vulnerable to security threats.
Code Example

```hcl
resource "google_document_ai_warehouse_location" "example" {
  ...
  kms_key = "some_value"
  ...
}
```

Remediation
Terraform
- Resource: google_document_ai_warehouse_location
- Arguments: kms_key
To fix this issue, specify the customer-managed encryption key when creating the document warehouse location. This is done with the `kms_key` argument of the `google_document_ai_warehouse_location` resource, which takes the full resource name of a Cloud KMS crypto key.
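The failing and passing forms side by side, as an added example that is not part of the original policy text: the first resource omits `kms_key` and is flagged by CKV2_GCP_23, the second references a customer-managed key with a rotation period set. The project number, key ring and key names, region, and the `access_control_mode` / `database_type` values are assumptions chosen for illustration.

```hcl
# FAILS CKV2_GCP_23: no kms_key, so the location falls back to the default
# Google-managed encryption and the customer cannot rotate or disable the key.
resource "google_document_ai_warehouse_location" "noncompliant" {
  location            = "us"
  project_number      = "123456789012"          # placeholder project number
  access_control_mode = "ACL_MODE_UNIVERSAL_ACCESS"
  database_type       = "DB_INFRA_SPANNER"
}

# Customer-managed key the compliant location will use.
resource "google_kms_key_ring" "warehouse" {
  name     = "docai-warehouse-ring"             # assumed key ring name
  location = "us"
}

resource "google_kms_crypto_key" "warehouse" {
  name            = "docai-warehouse-key"       # assumed key name
  key_ring        = google_kms_key_ring.warehouse.id
  rotation_period = "7776000s"                  # rotate every 90 days

  lifecycle {
    prevent_destroy = true                      # losing the key loses the data
  }
}

# PASSES CKV2_GCP_23: kms_key carries the full resource name of the CMK,
# e.g. projects/<project>/locations/us/keyRings/<ring>/cryptoKeys/<key>.
resource "google_document_ai_warehouse_location" "compliant" {
  location            = "us"
  project_number      = "123456789012"          # placeholder project number
  access_control_mode = "ACL_MODE_UNIVERSAL_ACCESS"
  database_type       = "DB_INFRA_SPANNER"
  kms_key             = google_kms_crypto_key.warehouse.id
}
```

Running `checkov -d . --check CKV2_GCP_23` against this file reports the first resource as failed and the second as passed, which is a convenient way to confirm the fix before applying it.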
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1008 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_GCP_23 |