turbot/steampipe-mod-aws-compliance

Query: kms_cmk_rotation_enabled

Usage

powerpipe query aws_compliance.query.kms_cmk_rotation_enabled

Steampipe Tables

SQL

select
  arn as resource,
  case
    when origin = 'EXTERNAL' then 'skip'
    when customer_master_key_spec <> 'SYMMETRIC_DEFAULT' then 'skip'
    when key_state = 'PendingDeletion' then 'skip'
    when key_state = 'Disabled' then 'skip'
    when not key_rotation_enabled then 'alarm'
    else 'ok'
  end as status,
  case
    when origin = 'EXTERNAL' then title || ' has imported key material.'
    when customer_master_key_spec <> 'SYMMETRIC_DEFAULT' then title || ' is non-symmetric customer key.'
    when key_state = 'PendingDeletion' then title || ' is pending deletion.'
    when key_state = 'Disabled' then title || ' is disabled.'
    when not key_rotation_enabled then title || ' key rotation disabled.'
    else title || ' key rotation enabled.'
  end as reason,
  region,
  account_id
from
  aws_kms_key
where
  key_manager = 'CUSTOMER';

Controls

The query is being used by the following controls: